[ https://issues.apache.org/jira/browse/HADOOP-4359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kan Zhang updated HADOOP-4359:
------------------------------

    Attachment: AccessTokenDesign1.pdf

> Support for data access authorization checking on DataNodes
> -----------------------------------------------------------
>
>                 Key: HADOOP-4359
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4359
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>    Affects Versions: 0.20.0
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>             Fix For: 0.21.0
>
>         Attachments: AccessTokenDesign1.pdf, at13.patch, at19.patch,
> at31.patch, at33.patch, at34.patch, at35.patch, at36.patch, at37.patch,
> at38.patch, at39.patch, at40.patch
>
>
> Currently, DataNodes do not enforce any access control on accesses to their
> data blocks. This makes it possible for an unauthorized client to read a data
> block as long as she can supply its block ID. It's also possible for anyone
> to write arbitrary data blocks to DataNodes.
> When users request file accesses on the NameNode, file permission checking
> takes place. Authorization decisions are made with regard to whether the
> requested accesses to those files (and implicitly, to their corresponding
> data blocks) are permitted. However, when it comes to subsequent data block
> accesses on the DataNodes, those authorization decisions are not made
> available to the DataNodes and consequently, such accesses are not verified.
> DataNodes are not capable of reaching those decisions independently since
> they don't have concepts of files, let alone file permissions.
> In order to implement data access policies consistently across HDFS services,
> there is a need for a mechanism by which authorization decisions made on the
> NameNode can be faithfully enforced on the DataNodes and any unauthorized
> access is declined.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
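
One way to carry a NameNode authorization decision to a DataNode, shown as an added example that is not part of the issue, its attachments or Hadoop's code: the NameNode performs the file permission check and signs a short-lived token bound to the user, block ID and access mode, and the DataNode verifies it without knowing anything about files. The shared HMAC key, the function names, the `READ`/`WRITE` mode strings and the ACL layout are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: the NameNode and DataNodes share this key out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def _mac(key, user, block_id, mode, expiry):
    # Length-prefix each field so distinct tuples never serialize identically.
    fields = (user.encode(), str(block_id).encode(), mode.encode(), str(expiry).encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def namenode_issue_token(key, user, block_id, mode, file_acl, now, ttl=600):
    """NameNode side (hypothetical): run the file permission check, then mint a token."""
    if mode not in file_acl.get(user, set()):
        raise PermissionError(f"{user} may not {mode} this file")
    expiry = int(now) + ttl
    return {"user": user, "block_id": block_id, "mode": mode,
            "expiry": expiry, "mac": _mac(key, user, block_id, mode, expiry)}


def datanode_check(key, token, block_id, mode, now):
    """DataNode side (hypothetical): no file concepts, only verify the signed decision."""
    expected = _mac(key, token["user"], token["block_id"], token["mode"], token["expiry"])
    if not hmac.compare_digest(expected, token["mac"]):
        return False  # forged or altered token
    if now >= token["expiry"]:
        return False  # decision is stale
    # The token must cover exactly the block and operation being requested.
    return token["block_id"] == block_id and token["mode"] == mode


if __name__ == "__main__":
    acl = {"alice": {"READ"}}  # constructed sample: alice may read, not write
    t0 = 1_000_000             # constructed fixed clock value
    tok = namenode_issue_token(SHARED_KEY, "alice", 4242, "READ", acl, t0)
    print(datanode_check(SHARED_KEY, tok, 4242, "READ", t0 + 1))   # True
    print(datanode_check(SHARED_KEY, tok, 4243, "READ", t0 + 1))   # False: other block
    print(datanode_check(SHARED_KEY, tok, 4242, "WRITE", t0 + 1))  # False: other mode
```

Knowing a block ID alone no longer suffices in this sketch: a request without a valid, unexpired token for that exact block and mode is declined.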