[
https://issues.apache.org/jira/browse/HDFS-4685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13838821#comment-13838821
]
Tianyou Li commented on HDFS-4685:
----------------------------------
After going through the design document, below questions are still unclear to
me, could you please elaborate more?
1. This proposal constructs file ACLs as a purpose specific extension of
file permission bits but section UC8 mentions that support for attribute based
security can be added later in a “backwards compatible way”. ABAC would seem to
depend on the availability of a facility for labeling files, or a generic
extended attributes feature with labels in extended attributes. Would EAs
and/or labels need to be added later as a new separate feature? If so, then
there could be two mechanisms for making authorization decisions: multiple ACLs
and labels. That seems to increase the possibility of conflicting
authorizations and complexity for the user. How does the proposal handle this?
2. Separation of roles, in the design doc, it is unclear to me that who
can call setacl/getacl. Resource owner might not be the role who can define
security policies. If resource owner takes the arbitrary responsibility to
maintain the access right in complex scenarios, it will be difficult to ensure
global policies to avoid of information leak. could it be better if there is
additional control?
> Implementation of ACLs in HDFS
> ------------------------------
>
> Key: HDFS-4685
> URL: https://issues.apache.org/jira/browse/HDFS-4685
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: hdfs-client, namenode, security
> Affects Versions: 1.1.2
> Reporter: Sachin Jose
> Assignee: Chris Nauroth
> Attachments: HDFS-ACLs-Design-1.pdf
>
>
> Currenly hdfs doesn't support Extended file ACL. In unix extended ACL can be
> achieved using getfacl and setfacl utilities. Is there anybody working on
> this feature ?
--
This message was sent by Atlassian JIRA
(v6.1#6144)
