[
https://issues.apache.org/jira/browse/HDFS-6509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14071010#comment-14071010
]
Charles Lamb commented on HDFS-6509:
------------------------------------
bq. So let me apologize in advance. But this jira makes me wonder: what happens
when a non-admin uses distcp? .e.g., a lot of systems are configured that don't
allow HDFS to run MR jobs. Will they not be allowed to distcp encrypted data?
Hi Allen,
No problem on not following closely. I see you've been very busy sifting
through a lot of old Jiras.
The doc on HDFS-6509 has more details, but the net of it is that non-admin
users may use distcp. This was a goal of our design.
The /.reserved/raw namespace is accessible by non-admin users and normal
permissions apply. Using that hierarchy only results in seeing the encrypted
(raw) bytes of a file.
> create a /.reserved/raw filesystem namespace
> --------------------------------------------
>
> Key: HDFS-6509
> URL: https://issues.apache.org/jira/browse/HDFS-6509
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
> Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
> Reporter: Charles Lamb
> Assignee: Charles Lamb
> Attachments: HDFS-6509.001.patch,
> HDFS-6509distcpandDataatRestEncryption-2.pdf,
> HDFS-6509distcpandDataatRestEncryption.pdf
>
>
> This is part of the work for making distcp work with Data at Rest Encryption.
> Per the attached document, create a /.reserved/raw HDFS filesystem namespace
> that allows access to the encrypted bytes of a file.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
