[ 
https://issues.apache.org/jira/browse/HBASE-21995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16791266#comment-16791266
 ] 

Reid Chan commented on HBASE-21995:
-----------------------------------

{quote}And setting the permission to 700 does not mean your cluster is super 
secure, for example if your password or keytab file can be found 
everywhere.{quote}
Human mistakes or carelessness should not be taken into account to judge a 
system is secure or not. HBase itself is a typical secure system, generally 
speaking, because AAA can be guaranteed.


{quote} the permission of the root directory is 700?{quote}
This is secure hbase default behavior, that's why i said 'This feature means to 
break many default behaviors in hbase cluster.' (plus cell ACLs,  visibility 
labels).
{code:title=MasterFileSystem.java|borderStyle=solid}
this.secureRootSubDirPerms = new FsPermission(conf.get("hbase.rootdir.perms", 
"700"));
{code}

To improve performance by loosing access constrains, it is especially not a 
practical move to those clients who deploys their hbase on cloud. With regard 
to this sensitive security issue, I still suggest to come up a better 
workaround, if you insist on implementing this feature, and have consensus 
among members.


> Add a coprocessor to set HDFS ACL for hbase granted user
> --------------------------------------------------------
>
>                 Key: HBASE-21995
>                 URL: https://issues.apache.org/jira/browse/HBASE-21995
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Yi Mei
>            Priority: Major
>
> To make hbase granted user have the access to scan table snapshots, use HDFS 
> ACLs to set user read permission over hfiles.
> The basic implementation is:
> 1. For public directories such as 'data' and 'archive', set other users' 
> permission to '--x' to make everyone have the permission to access the 
> directory.
> 2. For namespace or table directories such as 'data/ns/table', 
> 'archive/ns/table' and '.hbase-snapshot/snapshotName', set user 'r-x' acl and 
> default 'r-x' acl when following operations happen:
> grant to namespace or table / revoke from namespace or table / snapshot table
>  
> For more details, please reference the design doc: 
> https://docs.google.com/document/d/1D2iAdbrW5CcKc2SthJBXA1n2tTMTftuVaFtxbOWFuqM/edit#heading=h.uwo33s7kz427



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to