[
https://issues.apache.org/jira/browse/HADOOP-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12527257
]
Raghu Angadi commented on HADOOP-1298:
--------------------------------------
bq. Ok, I'll see how to move all permission checks into synchronized blocks so
as to ensure consistency. Thanks for pointing this out!
Could you outline briefly how you plan to do this once you come up with an
approach.
I think extracting the HDFS specific 'Subject' (user and group) and any other
generic authentication related checks can be done before the actual 'action'
outside the namesapce lock. And actual permission check would be very simple
and lightweight.. the permission check is mostly our own code instead of the
'Java Security' stuff. This way all the processing that is specific to
authentication module used happens outside the Namesystem.
> adding user info to file
> ------------------------
>
> Key: HADOOP-1298
> URL: https://issues.apache.org/jira/browse/HADOOP-1298
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs, fs
> Reporter: Kurtis Heimerl
> Assignee: Christophe Taton
> Fix For: 0.15.0
>
> Attachments: 1298_2007-09-06b.patch, 1298_2007-09-07g.patch,
> hadoop-user-munncha.patch17
>
>
> I'm working on adding a permissions model to hadoop's DFS. The first step is
> this change, which associates user info with files. Following this I'll
> assoicate permissions info, then block methods based on that user info, then
> authorization of the user info.
> So, right now i've implemented adding user info to files. I'm looking for
> feedback before I clean this up and make it offical.
> I wasn't sure what release, i'm working off trunk.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
