[jira] [Commented] (HDFS-12907) Allow read-only access to reserved raw for non-superusers

Thu, 14 Dec 2017 13:21:02 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16291623#comment-16291623
 ] 

Hudson commented on HDFS-12907:
-------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #13378 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/13378/])
HDFS-12907. Allow read-only access to reserved raw for non-superusers. (kihwal: 
rev f5a72424c0009c454aab6759c30f74b397a7e935)
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestReservedRawPaths.java
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
* (edit) 
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSXAttrBaseTest.java


> Allow read-only access to reserved raw for non-superusers
> ---------------------------------------------------------
>
>                 Key: HDFS-12907
>                 URL: https://issues.apache.org/jira/browse/HDFS-12907
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.6.0
>            Reporter: Daryn Sharp
>            Assignee: Rushabh S Shah
>             Fix For: 3.1.0, 2.10.0, 2.9.1, 3.0.1, 2.8.4
>
>         Attachments: HDFS-12907.001.patch, HDFS-12907.002.patch, 
> HDFS-12907.003.patch, HDFS-12907.004.patch, HDFS-12907.branch-2.004.patch, 
> HDFS-12907.patch
>
>
> HDFS-6509 added a special /.reserved/raw path prefix to access the raw file 
> contents of EZ files.  In the simplest sense it doesn't return the FE info in 
> the {{LocatedBlocks}} so the dfs client doesn't try to decrypt the data.  
> This facilitates allowing tools like distcp to copy raw bytes.
> Access to the raw hierarchy is restricted to superusers.  This seems like an 
> overly broad restriction designed to prevent non-admins from munging the EZ 
> related xattrs.  I believe we should relax the restriction to allow 
> non-admins to perform read-only operations.  Allowing non-superusers to 
> easily read the raw bytes will be extremely useful for regular users, esp. 
> for enabling webhdfs client-side encryption.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to