[ 
https://issues.apache.org/jira/browse/HDFS-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16282731#comment-16282731
 ] 

Xiao Chen commented on HDFS-12907:
----------------------------------

Thanks Andrew for the ping and Rushabh / Daryn for discussions.

Sorry I did not fully understand the intent here, and probably misunderstood 
some part of HDFS-12355. Could you help elaborate?

My understanding is after HDFS-12355, webhdfs eventually works with encryption 
by:
- user gets the DT from hdfs and kms.
- user reads / writes a file, auths with HDFS using DT, gets file status, then 
gets redirected to a DN
- user passes the DTs along to the DN, where read/write a file with the crypto 
streams happens.
- CryptoStreams auths with KMS using kms DT. The data is then read, decrypted 
and returned.
- user cancels the DT.

Is this remotely correct? Why do we need to run datanode as a separate user?
(I think I understood Daryn's comment, and agree it would be another jira. Not 
100% sure I see the relation here, are we trying to write raw bytes to the DN 
and decrypt at the client-side instead of on the DN on HDFS-12355?)

> Allow read-only access to reserved raw for non-superusers
> ---------------------------------------------------------
>
>                 Key: HDFS-12907
>                 URL: https://issues.apache.org/jira/browse/HDFS-12907
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.6.0
>            Reporter: Daryn Sharp
>            Assignee: Rushabh S Shah
>         Attachments: HDFS-12907.patch
>
>
> HDFS-6509 added a special /.reserved/raw path prefix to access the raw file 
> contents of EZ files.  In the simplest sense it doesn't return the FE info in 
> the {{LocatedBlocks}} so the dfs client doesn't try to decrypt the data.  
> This facilitates allowing tools like distcp to copy raw bytes.
> Access to the raw hierarchy is restricted to superusers.  This seems like an 
> overly broad restriction designed to prevent non-admins from munging the EZ 
> related xattrs.  I believe we should relax the restriction to allow 
> non-admins to perform read-only operations.  Allowing non-superusers to 
> easily read the raw bytes will be extremely useful for regular users, esp. 
> for enabling webhdfs client-side encryption.


