Hi all,
We figured out that anyone who have configured their local hadoop with remote cluster hadoop details and having user name as hadoop can get administrative rights of the cluster. For example, if I create an user as hadoop locally in my machine and have conf directory details from the cluster running remotely, I can run "hadoop fs -rmr /data/" which can remove all the data available in the remote cluster at /data. I found this as a serious security vulnerable as anyone can do anything on the cluster as long as they know the configuration details (hadoop-site.xml etc). Could someone explain me if there is a way to avoid these kind of scenarios? Otherwise, what should be the best practice? Thanks Pallavi
