Interesting approach. My guess is that this would indeed protect the datanodes from accidental "attack" by stopping access before they are involved.
You might also consider just changing the name of the magic hadoop user to something that is more unlikely. The name "hadoop" is not far off what somebody might come up with as a user name for experimenting or running scheduled jobs. On Thu, Jul 23, 2009 at 3:28 PM, Ian Holsman <[email protected]> wrote: > I was thinking of alternatives similar to creating a proxy nameserver that > non-privileged users can attach to that forwards those to the "real" > nameserver or just hacking the nameserver so that it switches "hadoop" to > "hadoop_remote" for sessions from untrusted IP's. > > not being familiar with the code, I am presuming that there is a point > where the code determines the userID. can anyone point me to that bit? > I just want to hack it to downgrade superusers, and it doesn't have to be > too clean or work for every edge case. it's more to stop accidental > problems. > -- Ted Dunning, CTO DeepDyve
