[ https://issues.apache.org/jira/browse/HADOOP-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12516498 ]
Christophe Taton commented on HADOOP-1298:
------------------------------------------
Hi all,
Here is how I plan to integrate permissions now:
- add an AccessController that implements a generic interface like
  checkPermission(Action, Principal, Filename); actions can be read, write,
  create, delete (copying how Permissions work in the JDK).
- insert checks in the FSNamesystem (or directly in NameNode? which one is
  better?).
However I need some feedback on how to implement checking for the file creation
process as this involves many successive operations. What are the checks you
would see for these operations:
- startFile: checkCreate
- addBlock: checkCreate? what if the user is not allowed to create the file
anymore?
- abandonBlock: no check?
- abandonFileInProgress: no check?
- completeFile: checkCreate again?
Also for testing the existence of a file, what should be the behavior: when the
parent directories do not exist? when the principal is denied access to a
parent directory?
- exists: checkRead(most embedded existing parent directory)?
For all other operations, it seems straightforward to me, but I might be wrong,
so here is what I plan:
- delete: checkDelete
- getBlockSize: checkRead
- getListing: checkRead
- isDir: checkRead
- mkdirs: checkCreate
- renameTo: checkCreate and checkDelete
- setReplication: checkWrite
- getBlockLocations: checkRead
I do not plan to integrate checks on deprecated locking related functions.
Thanks for your comments,
Christophe T.
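
A sketch of the checks proposed in the comment above, added here as an illustration and not taken from the comment or from any HADOOP-1298 patch. It shows the `exists` case resolved against the deepest existing ancestor and a rename that needs two actions. The class name, the String principal, the in-memory ACL map, and the choice of which path each rename check applies to are assumptions.

```java
import java.util.*;
// Added illustration; every name except checkPermission and the four actions is hypothetical.
public class AccessCheckSketch {
    enum Action { READ, WRITE, CREATE, DELETE }
    interface AccessController { void checkPermission(Action action, String principal, String filename); }
    // Constructed sample namespace: existing path -> action -> principals allowed.
    static final Map<String, Map<Action, Set<String>>> ACL = new HashMap<>();

    static void grant(String path, Action a, String principal) {
        ACL.computeIfAbsent(path, p -> new EnumMap<>(Action.class))
           .computeIfAbsent(a, k -> new HashSet<>()).add(principal);
    }

    // Deepest existing ancestor of path (or path itself); falls back to "/".
    static String deepestExisting(String path) {
        String p = path;
        while (!ACL.containsKey(p) && !p.equals("/")) {
            int i = p.lastIndexOf('/');
            p = (i <= 0) ? "/" : p.substring(0, i);
        }
        return p;
    }

    // Default deny: an unknown path or a missing grant throws.
    static final AccessController CONTROLLER = (action, principal, filename) -> {
        Map<Action, Set<String>> entry = ACL.get(filename);
        if (entry == null || !entry.getOrDefault(action, Collections.emptySet()).contains(principal))
            throw new SecurityException(principal + " denied " + action + " on " + filename);
    };

    // exists: READ is checked on the deepest existing ancestor before answering.
    static boolean exists(String principal, String path) {
        CONTROLLER.checkPermission(Action.READ, principal, deepestExisting(path));
        return ACL.containsKey(path);
    }

    // renameTo (assumed split): DELETE on the source, CREATE on the destination's existing parent.
    static void checkRename(String principal, String src, String dst) {
        CONTROLLER.checkPermission(Action.DELETE, principal, src);
        CONTROLLER.checkPermission(Action.CREATE, principal, deepestExisting(dst));
    }

    public static void main(String[] args) {
        grant("/", Action.READ, "alice");
        grant("/data", Action.READ, "alice");
        grant("/data/a.txt", Action.DELETE, "alice");
        System.out.println(exists("alice", "/data/missing/x"));
        try { checkRename("alice", "/data/a.txt", "/tmp/a.txt"); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```
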
> adding user info to file
> ------------------------
>
> Key: HADOOP-1298
> URL: https://issues.apache.org/jira/browse/HADOOP-1298
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs, fs
> Reporter: Kurtis Heimerl
> Fix For: 0.15.0
>
> Attachments: hadoop-dev-20070724-2349.patch.gz,
> hadoop-user-munncha.patch, hadoop-user-munncha.patch,
> hadoop-user-munncha.patch, hadoop-user-munncha.patch10,
> hadoop-user-munncha.patch11, hadoop-user-munncha.patch12,
> hadoop-user-munncha.patch13, hadoop-user-munncha.patch14,
> hadoop-user-munncha.patch15, hadoop-user-munncha.patch16,
> hadoop-user-munncha.patch17, hadoop-user-munncha.patch4,
> hadoop-user-munncha.patch5, hadoop-user-munncha.patch6,
> hadoop-user-munncha.patch7, hadoop-user-munncha.patch8,
> hadoop-user-munncha.patch9, hdfs-access-control.patch.gz, layout20070725.patch
>
>
> I'm working on adding a permissions model to Hadoop's DFS. The first step is
> this change, which associates user info with files. Following this I'll
> associate permissions info, then block methods based on that user info, then
> authorization of the user info.
> So, right now I've implemented adding user info to files. I'm looking for
> feedback before I clean this up and make it official.
> I wasn't sure what release, I'm working off trunk.