[jira] [Commented] (HDFS-12907) Allow read-only access to reserved raw for non-superusers

Thu, 07 Dec 2017 12:33:30 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16282487#comment-16282487
 ] 

Andrew Wang commented on HDFS-12907:
------------------------------------

I think that would work, though of course I'd prefer not to open up internal 
state representation if it can be avoided.

On the topic of webhdfs client-side encryption, could you talk a little more 
about your usecase? We discussed this internally before in the context of Hue, 
and there didn't seem to be a great solution. They have a very simple Python 
WebHDFS client built around effectively curl, and they'd need to add their own 
KMS client and encryption routines. Really though, we'd want to move this all 
the way to the browser, and write the KMS client and encryption routines in 
Javascript. Ouch.

A way of scoping the KMS delegation token to limit what keys could be accessed 
would also be an improvement, e.g. a "key token" similar to the HDFS block 
token. It addresses some of the issues with webhdfs and encryption.

> Allow read-only access to reserved raw for non-superusers
> ---------------------------------------------------------
>
>                 Key: HDFS-12907
>                 URL: https://issues.apache.org/jira/browse/HDFS-12907
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.6.0
>            Reporter: Daryn Sharp
>            Assignee: Rushabh S Shah
>         Attachments: HDFS-12907.patch
>
>
> HDFS-6509 added a special /.reserved/raw path prefix to access the raw file 
> contents of EZ files.  In the simplest sense it doesn't return the FE info in 
> the {{LocatedBlocks}} so the dfs client doesn't try to decrypt the data.  
> This facilitates allowing tools like distcp to copy raw bytes.
> Access to the raw hierarchy is restricted to superusers.  This seems like an 
> overly broad restriction designed to prevent non-admins from munging the EZ 
> related xattrs.  I believe we should relax the restriction to allow 
> non-admins to perform read-only operations.  Allowing non-superusers to 
> easily read the raw bytes will be extremely useful for regular users, esp. 
> for enabling webhdfs client-side encryption.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to