[ https://issues.apache.org/jira/browse/HADOOP-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13242068#comment-13242068 ]
Sanjay Radia commented on HADOOP-8101: -------------------------------------- Background: Hadoop has secure and non-secure mode - authorization is performed in both modes. The difference is how authentication is done. 3 Problems * Problem 1: Group Mappings for HDFS HDFS file permissions are implemented inside HDFS - there is no interaction with the local file system in order to implement these permissions. However, HDFS needs a user-to-group mapping. Currently there is a pluggable module for obtaining a mapping via LDap and via shell commands. We need a group mapping for windows. * Problem 2: HDFS and MR Impl Protecting its local OS resources from Tasks Hadoop impl uses local OS resources such as files and tasks. Hadoop protects these resources from tasks that run on the same hosts. HDFS and MR daemons uses local files & dirs and sets permissions when creating dirs/file and later on checks these permissions. For example, a Datanode sets the permission of its "block dirs" to be unreadable by others when it formats a data node. In some cases the permissions are set using a RawLocalFileSystem's permissions. We need a way to set such protections for windows. * Problem 3: Permissions for RawLocalFileSystem when using Hadoop on a local desktop (no HDFS is involved here). We need to emulate set-permissions and get-permissions APIs of the class FileSystem.java when the local file system and desktop are windows. Hadoop FileSystem permission are the same as those in Unix. > Security changes for Hadoop for Windows > --------------------------------------- > > Key: HADOOP-8101 > URL: https://issues.apache.org/jira/browse/HADOOP-8101 > Project: Hadoop Common > Issue Type: Sub-task > Components: native > Reporter: Sanjay Radia > Attachments: security.patch, security1.patch > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira