Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-13521

NFS Gateway should support impersonation

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None
    • None

    Description

      Similar to HDFS-10481, NFS gateway and httpfs are independent processes that accept client connections.
      NFS Gateway currently solves file permission/ownership problem by running as HDFS super user, and then call setOwner() to change file owner.

      This is not desirable.

      1. it adds additional RPC load to NameNode.
      2. this does not support at-rest encryption, because by design, HDFS super user cannot access KMS.

      This is yet another problem around KMS ACL. xiaochen rushabh.shah thoughts?

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. HDFS-10481 HTTPFS server should correctly impersonate as end user to open file

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              weichiu Wei-Chiu Chuang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: