[
https://issues.apache.org/jira/browse/HBASE-21995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16790526#comment-16790526
]
Duo Zhang commented on HBASE-21995:
-----------------------------------
{quote}
In secure mode, hbase root dir is 700. How can a user possibly scan snapshots
without access ability to hbase dir, not to mentioned subdirs. You may say "we
can change the default mode of root dir", then how dare you declare your hbase
cluster is in secure.
{quote}
The word secure here just means you have kerberos authentication enabled, not
mean your cluster is super secure. And setting the permission to 700 does not
mean your cluster is super secure, for example if your password or keytab file
can be found everywhere.
And if the HDFS and HBase cluster share the same kerberos account system, then
I think it is fine to expose the files for a table on the HDFS to the users who
has the permission to read the table, of course, the permission should be read
only.
And out of interest, the permission of the root directory on your secure HDFS
cluster is 700? If not, why you think the root dir for a secure HBase cluster
must be 700? And we could keep it 700 if you want, just do not enable this
feature, and if this feature is enabled, the permission will be 750.
Thanks.
> Add a coprocessor to set HDFS ACL for hbase granted user
> --------------------------------------------------------
>
> Key: HBASE-21995
> URL: https://issues.apache.org/jira/browse/HBASE-21995
> Project: HBase
> Issue Type: Sub-task
> Reporter: Yi Mei
> Priority: Major
>
> To make hbase granted user have the access to scan table snapshots, use HDFS
> ACLs to set user read permission over hfiles.
> The basic implementation is:
> 1. For public directories such as 'data' and 'archive', set other users'
> permission to '--x' to make everyone have the permission to access the
> directory.
> 2. For namespace or table directories such as 'data/ns/table',
> 'archive/ns/table' and '.hbase-snapshot/snapshotName', set user 'r-x' acl and
> default 'r-x' acl when following operations happen:
> grant to namespace or table / revoke from namespace or table / snapshot table
>
> For more details, please reference the design doc:
> https://docs.google.com/document/d/1D2iAdbrW5CcKc2SthJBXA1n2tTMTftuVaFtxbOWFuqM/edit#heading=h.uwo33s7kz427
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)