HDFS-6509 added a special /.reserved/raw path prefix to access the raw file contents of EZ files. In the simplest sense it doesn't return the FE info in the LocatedBlocks so the dfs client doesn't try to decrypt the data. This facilitates allowing tools like distcp to copy raw bytes.
Access to the raw hierarchy is restricted to superusers. This seems like an overly broad restriction designed to prevent non-admins from munging the EZ related xattrs. I believe we should relax the restriction to allow non-admins to perform read-only operations. Allowing non-superusers to easily read the raw bytes will be extremely useful for regular users, esp. for enabling webhdfs client-side encryption.