[
https://issues.apache.org/jira/browse/HADOOP-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12521631
]
Tsz Wo (Nicholas), SZE commented on HADOOP-1298:
------------------------------------------------
1298_20070820a-1298only.patch looks good in general. Below are some comments:
- In POSIXFilePermission.implies(...), it calls equals(...) directly. It is
wrong since "rw-" implies "r--" but they are not equal.
- POSIXFileAction.EXECUTE might not be useful because Hadoop files cannot be
executed. For directories, there is no 'cd' command in Hadoop.
- SimpleTicket should not be visible to NameNode since it is implementation
dependent. I understand that you might just want to make the program compiled
and put it there temporary. Please remember to remove it.
- Please don't check something like "AuthorizedInternalHadoopEntity". If we
have such entity, it should be a subclass of HPrincipal. Then, check
instanceof.
- Similarly, for 'principal.getID() == 1' in DFSPolicy.implies(...), we could
make a SuperUser class. I think we might not need SuperUser (in the first
patch) because users can login by whatever username they want. Then, root is
just a normal user.
- Classes like POSIXFilePermission are visible to NameNode. So the permission
model is kind of struck on POSIX. It is better to make the model configurable.
NameNode always operates on generic classes like WritablePermissionCollection.
This configurable feature might not be necessary at this moment. We should
keep in mind for this possibility.
- I am not sure whether it is good to modify RPC. It might be better to modify
the particular RetryPolicy.
- Tickets need to be validated before use it. (this should be implemented later)
> adding user info to file
> ------------------------
>
> Key: HADOOP-1298
> URL: https://issues.apache.org/jira/browse/HADOOP-1298
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs, fs
> Reporter: Kurtis Heimerl
> Assignee: Christophe Taton
> Fix For: 0.15.0
>
> Attachments: 1298_20070820a-1298only.patch,
> 1298_20070820a-full.patch, hadoop-user-munncha.patch17, layout20070731.patch
>
>
> I'm working on adding a permissions model to hadoop's DFS. The first step is
> this change, which associates user info with files. Following this I'll
> assoicate permissions info, then block methods based on that user info, then
> authorization of the user info.
> So, right now i've implemented adding user info to files. I'm looking for
> feedback before I clean this up and make it offical.
> I wasn't sure what release, i'm working off trunk.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
