[HDFS-6393] User settable xAttr to stop HDFS admins from reading/chowning a file - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Not A Problem
Affects Version/s: None
Fix Version/s: None
Component/s: namenode, security
Labels:
None

Description

A user should be able to set an xAttr on any file in HDFS to stop an HDFS admin user from reading the file. The blacklist for chown/chgrp would also enforced.

This will stop an HDFS admin from gaining access to job token files and getting HDFS DelegationTokens that would allow him/her to read an encrypted file.

Attachments

Activity

People

Assignee:: Charles Lamb

Reporter:: Alejandro Abdelnur

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 13/May/14 20:33

Updated:: 20/Jun/14 21:54

Resolved:: 17/Jun/14 23:05