Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-12907

Allow read-only access to reserved raw for non-superusers

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 3.1.0, 2.10.0, 2.9.1, 3.0.1, 2.8.4
    • Component/s: namenode
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      HDFS-6509 added a special /.reserved/raw path prefix to access the raw file contents of EZ files. In the simplest sense it doesn't return the FE info in the LocatedBlocks so the dfs client doesn't try to decrypt the data. This facilitates allowing tools like distcp to copy raw bytes.

      Access to the raw hierarchy is restricted to superusers. This seems like an overly broad restriction designed to prevent non-admins from munging the EZ related xattrs. I believe we should relax the restriction to allow non-admins to perform read-only operations. Allowing non-superusers to easily read the raw bytes will be extremely useful for regular users, esp. for enabling webhdfs client-side encryption.

        Attachments

        1. HDFS-12907.branch-2.004.patch
          11 kB
          Rushabh S Shah
        2. HDFS-12907.004.patch
          11 kB
          Rushabh S Shah
        3. HDFS-12907.003.patch
          11 kB
          Rushabh S Shah
        4. HDFS-12907.002.patch
          5 kB
          Rushabh S Shah
        5. HDFS-12907.001.patch
          3 kB
          Rushabh S Shah
        6. HDFS-12907.patch
          2 kB
          Rushabh S Shah

          Issue Links

            Activity

              People

              • Assignee:
                shahrs87 Rushabh S Shah
                Reporter:
                daryn Daryn Sharp
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: