[
https://issues.apache.org/jira/browse/HADOOP-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tsz Wo (Nicholas), SZE updated HADOOP-1298:
-------------------------------------------
Attachment: layout20070725.patch
This issue has been around for a long time. The main reason is that the
previous patches involve too many components in the system. I suggest making a
simple core patch, which adds user (will work on "group" and "other" later)
information to HDFS for preventing accidental file access. We also should keep
in mind that the framework should be extensible and pluggable.
- Extensible: possible to extend the framework to the other parts (e.g.
map-reduce) of Hadoop.
- Pluggable: can easily switch security implementations. Below is a diagram
borrowed from Java.
!http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!
- Implement a Hadoop authentication center (HAC). In the first step, the
mechanism of HAC is very simple: we keep track of a list of usernames (we only
support users, will work on other principals later) in HAC and verify it in
user login (yeah, no password). HAC is running inside NameNode but should be
easily run as a standalone server (we will probably replace it with Kerberos
later).
- NameNode keeps track of file permissions and enforces access control.

layout20070725.patch is a class layout for Hadoop principals and permissions.
> adding user info to file
> ------------------------
>
> Key: HADOOP-1298
> URL: https://issues.apache.org/jira/browse/HADOOP-1298
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs, fs
> Reporter: Kurtis Heimerl
> Fix For: 0.15.0
>
> Attachments: fsdirectory-cleanup-20070725-1351.patch,
> hadoop-dev-20070720-1633.patch.gz, hadoop-dev-20070724-0020.patch.gz,
> hadoop-dev-20070724-2349.patch.gz, hadoop-user-munncha.patch,
> hadoop-user-munncha.patch, hadoop-user-munncha.patch,
> hadoop-user-munncha.patch10, hadoop-user-munncha.patch11,
> hadoop-user-munncha.patch12, hadoop-user-munncha.patch13,
> hadoop-user-munncha.patch14, hadoop-user-munncha.patch15,
> hadoop-user-munncha.patch16, hadoop-user-munncha.patch17,
> hadoop-user-munncha.patch4, hadoop-user-munncha.patch5,
> hadoop-user-munncha.patch6, hadoop-user-munncha.patch7,
> hadoop-user-munncha.patch8, hadoop-user-munncha.patch9,
> hdfs-access-control.patch.gz, layout20070725.patch
>
>
> I'm working on adding a permissions model to Hadoop's DFS. The first step is
> this change, which associates user info with files. Following this I'll
> associate permissions info, then block methods based on that user info, then
> authorization of the user info.
> So, right now I've implemented adding user info to files. I'm looking for
> feedback before I clean this up and make it official.
> I wasn't sure what release, I'm working off trunk.
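
The first step described in the comment above (a username list checked at login, with the NameNode enforcing per-file ownership behind a swappable authenticator), as an added Java sketch that is not taken from layout20070725.patch or any Hadoop code. All class, method, user and path names are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration; every name here is hypothetical, not from layout20070725.patch.
public class HacSketch {
    /** Pluggable login: a Kerberos-backed implementation could replace the one below. */
    interface Authenticator {
        boolean login(String claimedUser);
    }

    /** First-step HAC: accepts any claimed name that is on the list, no password. */
    static class UserListAuthenticator implements Authenticator {
        private final Set<String> users;
        UserListAuthenticator(Set<String> users) { this.users = users; }
        public boolean login(String claimedUser) {
            return claimedUser != null && users.contains(claimedUser);
        }
    }

    /** NameNode side: records each file's owner and enforces owner-only access. */
    static class NameNodeAcl {
        private final Authenticator hac;
        private final Map<String, String> ownerByPath = new HashMap<>();
        NameNodeAcl(Authenticator hac) { this.hac = hac; }

        boolean create(String user, String path) {
            // Refuse unknown users and refuse to overwrite an existing owner.
            if (!hac.login(user) || ownerByPath.containsKey(path)) return false;
            ownerByPath.put(path, user);
            return true;
        }

        boolean canAccess(String user, String path) {
            // Deny by default: unknown user, unknown path, or non-owner.
            return hac.login(user) && user.equals(ownerByPath.get(path));
        }
    }

    public static void main(String[] args) {
        // Constructed sample users and paths.
        NameNodeAcl nn = new NameNodeAcl(new UserListAuthenticator(Set.of("alice", "bob")));
        nn.create("alice", "/user/alice/data");
        System.out.println("owner:        " + nn.canAccess("alice", "/user/alice/data"));
        System.out.println("other user:   " + nn.canAccess("bob", "/user/alice/data"));
        System.out.println("unknown user: " + nn.canAccess("carol", "/user/alice/data"));
    }
}
```

Because the username is self-asserted, this check guards only against accidental access, which is the goal the comment states; the `Authenticator` interface is the point where a stronger mechanism would be substituted.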