[
https://issues.apache.org/jira/browse/HDFS-2246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13109771#comment-13109771
]
Suresh Srinivas commented on HDFS-2246:
---------------------------------------
After thinking a bit more about this, I realized the current solution is hard
to use. Changing hbase to run from hbase user to hdfs user requires changing
the ownership of all the HDFS files from hbase to hdfs. This is cumbersome.
Another solution is to consider group based access.
# A group is created with hbase and hdfs in it
# A configuration option on HDFS is added for allowing short circuit access set
to group and user for which it is allowed.
# When this config option is set, datanode during startup modifies storage
directories and files read access to the configured group.
# Datanode#getPathInfo() allows the method call for the user configured in
config option.
# Client still use the keberos authentication to maintain a single RPC proxy,
as proposed earlier.
> Shortcut a local client reads to a Datanodes files directly
> -----------------------------------------------------------
>
> Key: HDFS-2246
> URL: https://issues.apache.org/jira/browse/HDFS-2246
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: Sanjay Radia
> Attachments: 0001-HDFS-347.-Local-reads.patch, HDFS-2246.20s.1.patch,
> HDFS-2246.20s.2.txt, HDFS-2246.20s.3.txt, HDFS-2246.20s.4.txt,
> HDFS-2246.20s.patch, localReadShortcut20-security.2patch
>
>
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
