[ https://issues.apache.org/jira/browse/HADOOP-4359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12704530#action_12704530 ]
Hadoop QA commented on HADOOP-4359:
-----------------------------------

+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12406807/at36.patch
against trunk revision 770044.

+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 15 new or modified tests.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 Eclipse classpath. The patch retains Eclipse classpath integrity.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/263/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/263/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/263/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-vesta.apache.org/263/console

This message is automatically generated.

> Support for data access authorization checking on DataNodes
> -----------------------------------------------------------
>
> Key: HADOOP-4359
> URL: https://issues.apache.org/jira/browse/HADOOP-4359
> Project: Hadoop Core
> Issue Type: New Feature
> Components: dfs
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Attachments: at13.patch, at19.patch, at31.patch, at33.patch,
> at34.patch, at35.patch, at36.patch
>
>
> Currently, DataNodes do not enforce any access control on accesses to their
> data blocks. This makes it possible for an unauthorized client to read a data
> block as long as she can supply its block ID. It's also possible for anyone
> to write arbitrary data blocks to DataNodes.
> When users request file accesses on the NameNode, file permission checking
> takes place. Authorization decisions are made with regard to whether the
> requested accesses to those files (and implicitly, to their corresponding
> data blocks) are permitted. However, when it comes to subsequent data block
> accesses on the DataNodes, those authorization decisions are not made
> available to the DataNodes and consequently, such accesses are not verified.
> DataNodes are not capable of reaching those decisions independently since
> they don't have concepts of files, let alone file permissions.
> In order to implement data access policies consistently across HDFS services,
> there is a need for a mechanism by which authorization decisions made on the
> NameNode can be faithfully enforced on the DataNodes and any unauthorized
> access is declined.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.