[
https://issues.apache.org/jira/browse/HADOOP-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christophe Taton updated HADOOP-1298:
-------------------------------------
Attachment: 1298_2007-09-05g.patch

I rewrote authorizations so that only directories have attached permissions.
The patch is still ~4600 lines. It contains some parts of the required
authentication framework HADOOP-1701, and also the entire permission framework
HADOOP-1782.
I updated the Policy provider with this new scheme:
- opening/reading a file requires read permission on the parent directory of
the file
- listing a directory's content requires read permission on this directory
- creating/deleting a file or a directory into an existing directory requires
write permission into that directory
- changing ownership of a directory can only be done by root
- changing the mode of a directory can only be done by root or by the owner of
the directory
I updated the test cases to reflect these new semantics.
All JUnit tests pass.
To sum up a bit what is done by this patch:
- most changes are related to introducing a {{Ticket}} parameter to
authenticate all RPCs
- a big change in NameNode consists in wrapping all concerned
{{ClientProtocol}} methods so as to have them being executed with the
appropriate {{AccessControlContext}} (see {{doAsSubject()}}).
- extension of INodes: {{INodeDirectory}} now contains a
{{WritablePermissionCollection}}, inducing a small update to the image format
to write and read permissions from the disk.
- the concrete permission checking logic is realized in the policy provider
{{dfs.DFSPolicy}}
- {{dfs.DFSSecurityManager}} is a helper class that copies the original
SecurityManager and eases integration of permission checking in the NameNode.
The default permission associated to files on creation or when upgrading from
older versions currently lets directories be owned by root with mode rwxrwxrwx.
What this misses now (I might forget many things here!):
- a real user database
- a shell tool to change permissions
- default permissions for new files should be derived from the principal that
creates the file (need to define a umask?)
- groups, to be complete with respect to POSIX...
If it comes that we all agree on this authorization scheme, we could push the
permission framework and the extension of INodes now, as this is quite generic
to my mind.
Then the ClientProtocol API will need to be updated with authentication
Tickets. And finally, the NameNode will have to integrate the authorization
checking logic.
I am looking forward to your comments!
Thanks in advance for the time you will spend in this.
> adding user info to file
> ------------------------
>
> Key: HADOOP-1298
> URL: https://issues.apache.org/jira/browse/HADOOP-1298
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs, fs
> Reporter: Kurtis Heimerl
> Assignee: Christophe Taton
> Fix For: 0.15.0
>
> Attachments: 1298_2007-08-30a.patch, 1298_2007-09-05g.patch,
> hadoop-user-munncha.patch17
>
>
> I'm working on adding a permissions model to Hadoop's DFS. The first step is
> this change, which associates user info with files. Following this I'll
> associate permissions info, then block methods based on that user info, then
> authorization of the user info.
> So, right now I've implemented adding user info to files. I'm looking for
> feedback before I clean this up and make it official.
> I wasn't sure what release, I'm working off trunk.
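
The directory-only rules listed in the comment above, modelled as an added example (not code from the patch or from Hadoop). The `Namespace` and `Dir` classes, the operation names and the sample paths are hypothetical; ignoring group bits, giving root no bypass of the mode bits, and consulting only the directory each rule names are assumptions of this model.

```python
import posixpath
from dataclasses import dataclass

ROOT = "root"   # superuser name used in the message
R, W = 4, 2     # POSIX-style read and write bits

@dataclass
class Dir:
    owner: str = ROOT   # default from the message: owned by root
    mode: int = 0o777   # default from the message: rwxrwxrwx

class Namespace:
    """Toy namespace in which only directories carry owner and mode."""

    def __init__(self, dirs):
        self.dirs = dirs

    def _has(self, user, path, bit):
        d = self.dirs[path]
        # Assumption: owner bits apply to the owner, "other" bits to everyone
        # else (root included); group bits are ignored, groups being absent.
        bits = d.mode >> 6 if user == d.owner else d.mode
        return bool(bits & bit)

    def allowed(self, user, op, path):
        # Assumption: only the directory named by each rule is consulted.
        parent = posixpath.dirname(path.rstrip("/")) or "/"
        if op == "read_file":           # read on the file's parent directory
            return self._has(user, parent, R)
        if op == "list":                # read on the directory itself
            return self._has(user, path, R)
        if op in ("create", "delete"):  # write on the containing directory
            return self._has(user, parent, W)
        if op == "chown":               # root only
            return user == ROOT
        if op == "chmod":               # root or the directory's owner
            return user in (ROOT, self.dirs[path].owner)
        raise ValueError(f"unknown operation: {op}")

def sample():
    # Constructed namespace: one migrated directory, one private directory.
    return Namespace({"/": Dir(), "/home": Dir(), "/legacy": Dir(),
                      "/home/alice": Dir(owner="alice", mode=0o700)})

if __name__ == "__main__":
    ns = sample()
    for user, op, path in [("bob", "read_file", "/home/alice/notes.txt"),
                           ("alice", "read_file", "/home/alice/notes.txt"),
                           ("bob", "delete", "/legacy/old.dat"),
                           ("alice", "chown", "/home/alice")]:
        print(f"{user:5} {op:9} {path:22} -> {ns.allowed(user, op, path)}")
```

The third row shows the effect of the stated default: under a root-owned rwxrwxrwx directory any user may delete entries until the mode is tightened, and every file in a directory shares that directory's decision.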