[
https://issues.apache.org/jira/browse/HADOOP-8561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489674#comment-13489674
]
Luke Lu commented on HADOOP-8561:
---------------------------------
This approach has added benefit of working with clients (like HBase shell) not
written in Java.
bq. Using an env makes me a bit squeamish since it may introduce an unexpected
attack vector.
It won't do anything for ordinary users. An admin web app of course needs to do
a few things sanitize the input to disallow fork/exec etc.
> Introduce HADOOP_PROXY_USER for secure impersonation in child hadoop client
> processes
> -------------------------------------------------------------------------------------
>
> Key: HADOOP-8561
> URL: https://issues.apache.org/jira/browse/HADOOP-8561
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Luke Lu
> Assignee: Yu Gao
> Attachments: hadoop-8561-branch-1.patch, hadoop-8561-branch-2.patch,
> hadoop-8561.patch
>
>
> To solve the problem for an authenticated user to type hadoop shell commands
> in a web console, we can introduce an HADOOP_PROXY_USER environment variable
> to allow proper impersonation in the child hadoop client processes.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
