[HDFS-12907] Allow read-only access to reserved raw for non-superusers - ASF JIRA

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6.0
Fix Version/s: 3.1.0, 2.10.0, 2.9.1, 3.0.1, 2.8.4
Component/s: namenode
Labels:
None

Target Version/s:

2.8.3
Hadoop Flags:

Reviewed

Description

~~HDFS-6509~~ added a special /.reserved/raw path prefix to access the raw file contents of EZ files. In the simplest sense it doesn't return the FE info in the LocatedBlocks so the dfs client doesn't try to decrypt the data. This facilitates allowing tools like distcp to copy raw bytes.

Access to the raw hierarchy is restricted to superusers. This seems like an overly broad restriction designed to prevent non-admins from munging the EZ related xattrs. I believe we should relax the restriction to allow non-admins to perform read-only operations. Allowing non-superusers to easily read the raw bytes will be extremely useful for regular users, esp. for enabling webhdfs client-side encryption.