Daryn Sharp created HDFS-12907:
----------------------------------
Summary: Allow read-only access to reserved raw for non-superusers
Key: HDFS-12907
URL: https://issues.apache.org/jira/browse/HDFS-12907
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.6.0
Reporter: Daryn Sharp
HDFS-6509 added a special /.reserved/raw path prefix to access the raw file
contents of EZ files. In the simplest sense it doesn't return the FE info in
the {{LocatedBlocks}} so the dfs client doesn't try to decrypt the data. This
facilitates allowing tools like distcp to copy raw bytes.
Access to the raw hierarchy is restricted to superusers. This seems like an
overly broad restriction designed to prevent non-admins from munging the EZ
related xattrs. I believe we should relax the restriction to allow non-admins
to perform read-only operations. Allowing non-superusers to easily read the
raw bytes will be extremely useful for regular users, esp. for enabling webhdfs
client-side encryption.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
