[
https://issues.apache.org/jira/browse/HDFS-6705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Charles Lamb updated HDFS-6705:
-------------------------------
Attachment: HDFS-6705.001.patch
The attached patch implements the following:
* A new special xattr in the security namespace:
  security.hdfs.unreadable.by.superuser which prevents the superuser from
  accessing (read/write/append) the file contents or its metadata (xattrs).
* It can only be set on files.
* It can only be set and never removed.
* It is settable by any user which has hdfs access to that file.
* It is name-only, i.e. it can never have a value.
* Anyone can "list" it.

> Create an XAttr that disallows the HDFS admin from accessing a file
> -------------------------------------------------------------------
>
> Key: HDFS-6705
> URL: https://issues.apache.org/jira/browse/HDFS-6705
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode, security
> Reporter: Charles Lamb
> Assignee: Charles Lamb
> Attachments: HDFS-6705.001.patch
>
>
> There needs to be an xattr that specifies that the HDFS admin can not access
> a file. This is needed for m/r delegation tokens and data at rest encryption.
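
The rules listed in the comment above, written out as a small in-memory policy model. This is an added example, not code from HDFS-6705.001.patch or from Hadoop. Inode, XAttrPolicyError and allowed_users are hypothetical stand-ins for the NameNode's inode and permission checks, and the handling of xattr names other than the one in the comment is an assumption.

```python
# Toy model of the semantics described in the comment; not Hadoop code.
from dataclasses import dataclass, field

UNREADABLE = "security.hdfs.unreadable.by.superuser"  # name from the comment

class XAttrPolicyError(Exception):
    """Raised when an operation violates one of the listed rules."""

@dataclass
class Inode:
    path: str
    is_file: bool
    allowed_users: set  # assumption: stands in for "has hdfs access"
    xattrs: dict = field(default_factory=dict)

def can_access(inode, user, is_superuser=False):
    """Contents/xattr access: the flag removes the superuser bypass."""
    if is_superuser:
        return UNREADABLE not in inode.xattrs
    return user in inode.allowed_users

def set_xattr(inode, user, name, value=None, is_superuser=False):
    if not can_access(inode, user, is_superuser):
        raise XAttrPolicyError("no access to " + inode.path)
    if name == UNREADABLE:
        if not inode.is_file:
            raise XAttrPolicyError("can only be set on files")
        if value:
            raise XAttrPolicyError("name-only: a value is not allowed")
    inode.xattrs[name] = value

def remove_xattr(inode, user, name, is_superuser=False):
    # One-way flag: refused for every caller, including the user who set it.
    if name == UNREADABLE:
        raise XAttrPolicyError("can be set but never removed")
    if not can_access(inode, user, is_superuser):
        raise XAttrPolicyError("no access to " + inode.path)
    inode.xattrs.pop(name, None)

def list_xattrs(inode, user, is_superuser=False):
    """Anyone can list the flag; other names need access (assumption)."""
    if can_access(inode, user, is_superuser):
        return sorted(inode.xattrs)
    return [n for n in inode.xattrs if n == UNREADABLE]
```

Because removal is refused for every caller, the superuser cannot restore access by deleting the flag; in this model the only effect of setting it is a permanent loss of the superuser bypass for that file.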