[
https://issues.apache.org/jira/browse/HDFS-6406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13999714#comment-13999714
]
Steve Loughran commented on HDFS-6406:
--------------------------------------
# SLF4J doesn't let you at the log4j appender behind a log, so switching to
log4j would break your test. The workaround there is to use commons logging in
the test and request the same log -which is what most of today's tests do. If
you stick with commons logging, it's a non-issue.
# this would be good time to replace the inline {{"nfs3.mountd.port",}} with a
constant.
w.r.t the patch, IMO the port # filter is a relic of the days when NFS lacked
authentication -only identification- and you could control all the workstations
on the lan. The restricted port policy let the root user make requests (if the
exported drive allowed it), and if they claimed to be another user, they were.
Windows doesn't have that same port value and in a world of Linux and Linux
VMs, there can be a lot of unix root admins in a cluster.
summary: it doesn't really boost security, unless the network is really locked
down. But if it is, it may
> Add capability for NFS gateway to reject connections from unprivileged ports
> ----------------------------------------------------------------------------
>
> Key: HDFS-6406
> URL: https://issues.apache.org/jira/browse/HDFS-6406
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: nfs
> Affects Versions: 2.4.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HDFS-6406.patch, HDFS-6406.patch
>
>
> Many NFS servers have the ability to only accept client connections
> originating from privileged ports. It would be nice if the HDFS NFS gateway
> had the same feature.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
