[
https://issues.apache.org/jira/browse/HADOOP-4359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12697632#action_12697632
]
Kan Zhang commented on HADOOP-4359:
-----------------------------------
I uploaded a preliminary patch to get some early reviews. It's not complete. In
particular, only READ and WRITE operations are changed to use access tokens for
now and I have yet to add unit tests. But it should give you a fairly good idea
of how access tokens are to be used.
> Support for data access authorization checking on DataNodes
> -----------------------------------------------------------
>
> Key: HADOOP-4359
> URL: https://issues.apache.org/jira/browse/HADOOP-4359
> Project: Hadoop Core
> Issue Type: New Feature
> Components: dfs
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Attachments: at13.patch
>
>
> Currently, DataNodes do not enforce any access control on accesses to their
> data blocks. This makes it possible for an unauthorized client to read a data
> block as long as she can supply its block ID. It's also possible for anyone
> to write arbitrary data blocks to DataNodes.
>
> When users request file accesses on the NameNode, file permission checking
> takes place. Authorization decisions are made with regard to whether the
> requested accesses to those files (and implicitly, to their corresponding
> data blocks) are permitted. However, when it comes to subsequent data block
> accesses on the DataNodes, those authorization decisions are not made
> available to the DataNodes and consequently, such accesses are not verified.
> DataNodes are not capable of reaching those decisions independently since
> they don't have concepts of files, let alone file permissions.
>
> In order to implement data access policies consistently across HDFS services,
> there is a need for a mechanism by which authorization decisions made on the
> NameNode can be faithfully enforced on the DataNodes and any unauthorized
> access is declined.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
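
One way the mechanism asked for in the issue description could work, as an added example that is not taken from at13.patch or from Hadoop's code: the NameNode records its authorization decision in a token authenticated with an HMAC key it shares with the DataNodes, and a DataNode checks that token before serving a READ or WRITE on a block. The shared key, the token fields and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

# Assumption: NameNode and DataNodes share this key out of band (constructed value).
SHARED_KEY = b"constructed-demo-key"


def _mac(key, user, block_id, modes, expiry):
    # JSON list encoding keeps field boundaries unambiguous before authenticating.
    msg = json.dumps([user, block_id, sorted(modes), expiry], separators=(",", ":"))
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def issue_token(key, user, block_id, modes, now, lifetime=600):
    """NameNode side: call only after file permission checking has passed."""
    expiry = int(now) + lifetime
    token = {"user": user, "block_id": block_id, "modes": sorted(modes), "expiry": expiry}
    token["mac"] = _mac(key, user, block_id, token["modes"], expiry)
    return token


def check_access(key, token, block_id, mode, now):
    """DataNode side: enforce the decision without any notion of files."""
    try:
        expected = _mac(key, token["user"], token["block_id"], token["modes"], token["expiry"])
        if not hmac.compare_digest(expected, str(token["mac"])):
            return False, "bad mac"
    except (KeyError, TypeError):
        return False, "malformed token"
    if now >= token["expiry"]:
        return False, "expired"
    if token["block_id"] != block_id:
        return False, "wrong block"
    if mode not in token["modes"]:
        return False, "mode not granted"
    return True, "ok"


if __name__ == "__main__":
    tok = issue_token(SHARED_KEY, "alice", 1001, {"READ"}, now=1000)  # constructed request
    print(check_access(SHARED_KEY, tok, 1001, "READ", now=1001))
    print(check_access(SHARED_KEY, tok, 1001, "WRITE", now=1001))
    print(check_access(SHARED_KEY, {}, 1001, "READ", now=1001))
```

A client that only knows a block ID, or that edits the granted modes in a token it holds, fails the MAC check because it does not have the shared key.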