[
https://issues.apache.org/jira/browse/HBASE-21995?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16791266#comment-16791266
]
Reid Chan commented on HBASE-21995:
-----------------------------------
{quote}And setting the permission to 700 does not mean your cluster is super
secure, for example if your password or keytab file can be found
everywhere.{quote}
Human mistakes or carelessness should not be taken into account to judge a
system is secure or not. HBase itself is a typical secure system, generally
speaking, because AAA can be guaranteed.
{quote} the permission of the root directory is 700?{quote}
This is secure hbase default behavior, that's why i said 'This feature means to
break many default behaviors in hbase cluster.' (plus cell ACLs, visibility
labels).
{code:title=MasterFileSystem.java|borderStyle=solid}
this.secureRootSubDirPerms = new FsPermission(conf.get("hbase.rootdir.perms",
"700"));
{code}
To improve performance by loosing access constrains, it is especially not a
practical move to those clients who deploys their hbase on cloud. With regard
to this sensitive security issue, I still suggest to come up a better
workaround, if you insist on implementing this feature, and have consensus
among members.
> Add a coprocessor to set HDFS ACL for hbase granted user
> --------------------------------------------------------
>
> Key: HBASE-21995
> URL: https://issues.apache.org/jira/browse/HBASE-21995
> Project: HBase
> Issue Type: Sub-task
> Reporter: Yi Mei
> Priority: Major
>
> To make hbase granted user have the access to scan table snapshots, use HDFS
> ACLs to set user read permission over hfiles.
> The basic implementation is:
> 1. For public directories such as 'data' and 'archive', set other users'
> permission to '--x' to make everyone have the permission to access the
> directory.
> 2. For namespace or table directories such as 'data/ns/table',
> 'archive/ns/table' and '.hbase-snapshot/snapshotName', set user 'r-x' acl and
> default 'r-x' acl when following operations happen:
> grant to namespace or table / revoke from namespace or table / snapshot table
>
> For more details, please reference the design doc:
> https://docs.google.com/document/d/1D2iAdbrW5CcKc2SthJBXA1n2tTMTftuVaFtxbOWFuqM/edit#heading=h.uwo33s7kz427
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)