[
https://issues.apache.org/jira/browse/HADOOP-10758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16107792#comment-16107792
]
Xiao Chen commented on HADOOP-10758:
------------------------------------
Thanks for the continuing on this [~lars_francke], and for the interest for a
doc patch.
I agree the cluster may have security holes exposed, if the ACLs are not
configured correctly. The solution IMO, is to make our docs better so people
are aware of this, and more unlikely to configure their cluster to expose such
holes. I don't see a way of software level 'fix' to stop mis-configurations.
Perhaps we can log a warning if MANAGEMENT is open to everyone, to be proactive.
[HDFS permission
guide|http://hadoop.apache.org/docs/r3.0.0-alpha2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html]
may also come in handy for some ideas to improve this.
> KMS: add ACLs on per key basis.
> -------------------------------
>
> Key: HADOOP-10758
> URL: https://issues.apache.org/jira/browse/HADOOP-10758
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0-alpha1
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Fix For: 2.6.0
>
> Attachments: HADOOP-10758.1.patch, HADOOP-10758.2.patch,
> HADOOP-10758.3.patch, HADOOP-10758.4.patch, HADOOP-10758.5.patch,
> HADOOP-10758.6.patch, HADOOP-10758.7.patch, HADOOP-10758.8.patch,
> HADOOP-10758.9.patch
>
>
> The KMS server should enforce ACLs on per key basis.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
