[
https://issues.apache.org/jira/browse/HDFS-6705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14119852#comment-14119852
]
Charles Lamb commented on HDFS-6705:
------------------------------------
bq. Hi Charles Lamb and Andrew Wang, could this xattr be something like
SECURITY_CRYPTO_UNREADABLE_BY_SUPERUSER, and only could be set in encryption
zones. Then normal files will not be affected.
Hi [~hitliuyi],
I'm not sure I see how this added restriction would be beneficial. Is there a
specific use case you have in mind? In general, this XATTR is for MR DTs, which
(I suppose) could be either inside or outside an EZ.
> Create an XAttr that disallows the HDFS admin from accessing a file
> -------------------------------------------------------------------
>
> Key: HDFS-6705
> URL: https://issues.apache.org/jira/browse/HDFS-6705
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode, security
> Affects Versions: 3.0.0
> Reporter: Charles Lamb
> Assignee: Charles Lamb
> Attachments: HDFS-6705.001.patch, HDFS-6705.002.patch
>
>
> There needs to be an xattr that specifies that the HDFS admin can not access
> a file. This is needed for m/r delegation tokens and data at rest encryption.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
