[jira] Commented: (HADOOP-4359) Support for data access authorization checking on DataNodes

Wed, 08 Oct 2008 13:50:36 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-4359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12638075#action_12638075
 ] 

Doug Cutting commented on HADOOP-4359:
--------------------------------------

> I think it's better for Hadoop to do it in an authentication independent way.

Okay.  So clients would still probably get some sort of signed ticket from the 
Namenode that encodes the blocks which may be accessed, along with a timeout, 
etc.  They'd pass this to datanodes with block requests, and the datanode would 
validate its signature before using it.  Is something like that what you have 
in mind?


> Support for data access authorization checking on DataNodes
> -----------------------------------------------------------
>
>                 Key: HADOOP-4359
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4359
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>             Fix For: 0.20.0
>
>
> Currently, DataNodes do not enforce any access control on accesses to its 
> data blocks. This makes it possible for an unauthorized client to read a data 
> block as long as she can supply its block ID. It's also possible for anyone 
> to write arbitrary data blocks to DataNodes. 
> When users request file accesses on the NameNode, file permission checking 
> takes place. Authorization decisions are made with regard to whether the 
> requested accesses to those files (and implicitly, to their corresponding 
> data blocks) are permitted. However, when it comes to subsequent data block 
> accesses on the DataNodes, those authorization decisions are not made 
> available to the DataNodes and consequently, such accesses are not verified. 
> Datanodes are not capable of reaching those decisions independently since 
> they don't have concepts of files, let alone file permissions.
> In order to implement data access policies consistently across HDFS services, 
> there is a need for a mechanism by which authorization decisions made on the 
> NameNode can be faithfully enforced on the DataNodes and any unauthorized 
> access is declined.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to