Description
A user should be able to set an xAttr on any file in HDFS to stop an HDFS admin user from reading the file. The blacklist for chown/chgrp would also enforced.
This will stop an HDFS admin from gaining access to job token files and getting HDFS DelegationTokens that would allow him/her to read an encrypted file.