Implement this entirely in fuse-dfs using the hdfsStat structure which has the owner, group and permissions of a file. Use the 'root' user on the box fuse-dfs is running on as the super user.
This can be done relatively quickly and gives basically the right semantics assuming HDFS is "exported" with no_root_squash which since it doesn't implement authenticating users, it really is.
The only downside is fuse-dfs will not then respect the user that is the superuser for HDFS; they would have to sudo command like everyone else.
This does not introduce any security holes since the user could directly use the Java client or libhdfs to do any operation fuse-dfs can.
Pete Wyckoff added a comment - 17/Sep/08 06:47 PM proposal for the short term:
Implement this entirely in fuse-dfs using the hdfsStat structure which has the owner, group and permissions of a file. Use the 'root' user on the box fuse-dfs is running on as the super user.
This can be done relatively quickly and gives basically the right semantics assuming HDFS is "exported" with no_root_squash which since it doesn't implement authenticating users, it really is.
The only downside is fuse-dfs will not then respect the user that is the superuser for HDFS; they would have to sudo command like everyone else.
This does not introduce any security holes since the user could directly use the Java client or libhdfs to do any operation fuse-dfs can.
Bug
Open
Major
fuse-dfs implement posix access method
Implement this entirely in fuse-dfs using the hdfsStat structure which has the owner, group and permissions of a file. Use the 'root' user on the box fuse-dfs is running on as the super user.
This can be done relatively quickly and gives basically the right semantics assuming HDFS is "exported" with no_root_squash which since it doesn't implement authenticating users, it really is.
The only downside is fuse-dfs will not then respect the user that is the superuser for HDFS; they would have to sudo command like everyone else.
This does not introduce any security holes since the user could directly use the Java client or libhdfs to do any operation fuse-dfs can.