[jira] [Commented] (HADOOP-8101) Security changes for Hadoop for Windows

Thu, 29 Mar 2012 22:12:25 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-8101?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13242068#comment-13242068
 ] 

Sanjay Radia commented on HADOOP-8101:
--------------------------------------

Background: Hadoop has secure and non-secure mode - authorization is performed 
in both modes. The difference is how authentication is done.

3 Problems
* Problem 1: Group Mappings for HDFS
    HDFS file permissions are implemented inside HDFS  - there is no 
interaction with the local file system in order to implement these permissions. 
However,  HDFS needs a user-to-group mapping. Currently there is a pluggable 
module for obtaining a mapping via LDap and via shell commands. We need a group 
mapping for windows.

* Problem 2: HDFS and MR Impl Protecting its local OS resources from Tasks
Hadoop impl uses local OS resources such as files and tasks. Hadoop protects 
these resources from tasks that run on the same hosts. HDFS and MR daemons uses 
local files & dirs and sets permissions when creating dirs/file and later on 
checks these permissions. For example, a Datanode sets the permission of its 
"block dirs" to be unreadable by others when it formats a data node. In some 
cases the permissions are set using a RawLocalFileSystem's permissions. We need 
a way to set such protections for windows.

* Problem 3: Permissions for RawLocalFileSystem when using Hadoop on a local 
desktop (no HDFS is involved here). 
We need to emulate  set-permissions and get-permissions APIs of the class 
FileSystem.java when the local file system and desktop are windows.   Hadoop 
FileSystem permission are the same as those in Unix.
                
> Security changes for Hadoop for Windows
> ---------------------------------------
>
>                 Key: HADOOP-8101
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8101
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: native
>            Reporter: Sanjay Radia
>         Attachments: security.patch, security1.patch
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to