[ https://issues.apache.org/jira/browse/HDFS-6705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14119852#comment-14119852 ]
Charles Lamb commented on HDFS-6705: ------------------------------------ bq. Hi Charles Lamb and Andrew Wang, could this xattr be something like SECURITY_CRYPTO_UNREADABLE_BY_SUPERUSER, and only could be set in encryption zones. Then normal files will not be affected. Hi [~hitliuyi], I'm not sure I see how this added restriction would be beneficial. Is there a specific use case you have in mind? In general, this XATTR is for MR DTs, which (I suppose) could be either inside or outside an EZ. > Create an XAttr that disallows the HDFS admin from accessing a file > ------------------------------------------------------------------- > > Key: HDFS-6705 > URL: https://issues.apache.org/jira/browse/HDFS-6705 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: namenode, security > Affects Versions: 3.0.0 > Reporter: Charles Lamb > Assignee: Charles Lamb > Attachments: HDFS-6705.001.patch, HDFS-6705.002.patch > > > There needs to be an xattr that specifies that the HDFS admin can not access > a file. This is needed for m/r delegation tokens and data at rest encryption. -- This message was sent by Atlassian JIRA (v6.3.4#6332)