[ https://issues.apache.org/jira/browse/HDFS-6393?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Charles Lamb resolved HDFS-6393. -------------------------------- Resolution: Not a Problem This is no longer a problem now that the NN will never handle key material. All access to key material is handled through the KMS access control mechanisms. > User settable xAttr to stop HDFS admins from reading/chowning a file > -------------------------------------------------------------------- > > Key: HDFS-6393 > URL: https://issues.apache.org/jira/browse/HDFS-6393 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: namenode, security > Reporter: Alejandro Abdelnur > Assignee: Charles Lamb > > A user should be able to set an xAttr on any file in HDFS to stop an HDFS > admin user from reading the file. The blacklist for chown/chgrp would also > enforced. > This will stop an HDFS admin from gaining access to job token files and > getting HDFS DelegationTokens that would allow him/her to read an encrypted > file. -- This message was sent by Atlassian JIRA (v6.2#6252)