[ https://issues.apache.org/jira/browse/HDFS-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16291623#comment-16291623 ]
Hudson commented on HDFS-12907: ------------------------------- SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #13378 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/13378/]) HDFS-12907. Allow read-only access to reserved raw for non-superusers. (kihwal: rev f5a72424c0009c454aab6759c30f74b397a7e935) * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java * (edit) hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestReservedRawPaths.java * (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java * (edit) hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java > Allow read-only access to reserved raw for non-superusers > --------------------------------------------------------- > > Key: HDFS-12907 > URL: https://issues.apache.org/jira/browse/HDFS-12907 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode > Affects Versions: 2.6.0 > Reporter: Daryn Sharp > Assignee: Rushabh S Shah > Fix For: 3.1.0, 2.10.0, 2.9.1, 3.0.1, 2.8.4 > > Attachments: HDFS-12907.001.patch, HDFS-12907.002.patch, > HDFS-12907.003.patch, HDFS-12907.004.patch, HDFS-12907.branch-2.004.patch, > HDFS-12907.patch > > > HDFS-6509 added a special /.reserved/raw path prefix to access the raw file > contents of EZ files. In the simplest sense it doesn't return the FE info in > the {{LocatedBlocks}} so the dfs client doesn't try to decrypt the data. > This facilitates allowing tools like distcp to copy raw bytes. > Access to the raw hierarchy is restricted to superusers. This seems like an > overly broad restriction designed to prevent non-admins from munging the EZ > related xattrs. I believe we should relax the restriction to allow > non-admins to perform read-only operations. Allowing non-superusers to > easily read the raw bytes will be extremely useful for regular users, esp. > for enabling webhdfs client-side encryption. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org