You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-user@hadoop.apache.org by Yu Xi <ge...@gmail.com> on 2010/01/05 16:44:14 UTC

Security Mechanisms in HDFS

Hi list,

Could any hadoop gurus tell me what kinds of security mechanisms are
already(or planed to be) implemented in hadoop filesystem?

I know there're some kind of Linux-like 9 bits(ie. ower,group,other) access
control existing in hdfs. Unfortunately there're no user authentication
modules. Seems like a big defect for hdfs since without authentication, user
authorization makes little sense. It has mentioned in the official HDFS docs
that another Kerberos authentication module will be added to HDFS in the
future. Could anybody tell me when this will happen?

And i'm just curious is there any other security mechanisms already
implemented in hdfs in addition to those i mentioned above...
pls help, thanks a lot.

-- 
Regards
Xi Yu (禹熹)

Jonathan Swift<http://www.brainyquote.com/quotes/authors/j/jonathan_swift.html>
- "May you live every day of your life."

Re: Security Mechanisms in HDFS

Posted by Owen O'Malley <om...@apache.org>.

On Jan 5, 2010, at 7:44 AM, Yu Xi wrote:

> Could any hadoop gurus tell me what kinds of security mechanisms are
> already(or planed to be) implemented in hadoop filesystem?

It looks like you've found the ones that are already there.  You can  
see my slides about it here:

http://www.slideshare.net/oom65/plugging-the-holes-security-and-compatability-in-hadoop

We are actively working on it and have published a design document here:

http://bit.ly/75011o

-- Owen

> I know there're some kind of Linux-like 9 bits(ie. ower,group,other)  
> access
> control existing in hdfs. Unfortunately there're no user  
> authentication
> modules. Seems like a big defect for hdfs since without  
> authentication, user
> authorization makes little sense.

It is enough to keep people from deleting things accidently, like the  
student that accidently deleted /Users.

> It has mentioned in the official HDFS docs
> that another Kerberos authentication module will be added to HDFS in  
> the
> future. Could anybody tell me when this will happen?

We are planning to be feature complete in Feb 2010. We are also back  
porting the changes into Yahoo's 20 branch as well as putting them  
into trunk.

-- Owen

Re: Security Mechanisms in HDFS

Posted by Owen O'Malley <om...@apache.org>.

On Jan 5, 2010, at 7:44 AM, Yu Xi wrote:

> Could any hadoop gurus tell me what kinds of security mechanisms are
> already(or planed to be) implemented in hadoop filesystem?

It looks like you've found the ones that are already there.  You can  
see my slides about it here:

http://www.slideshare.net/oom65/plugging-the-holes-security-and-compatability-in-hadoop

We are actively working on it and have published a design document here:

http://bit.ly/75011o

-- Owen

> I know there're some kind of Linux-like 9 bits(ie. ower,group,other)  
> access
> control existing in hdfs. Unfortunately there're no user  
> authentication
> modules. Seems like a big defect for hdfs since without  
> authentication, user
> authorization makes little sense.

It is enough to keep people from deleting things accidently, like the  
student that accidently deleted /Users.

> It has mentioned in the official HDFS docs
> that another Kerberos authentication module will be added to HDFS in  
> the
> future. Could anybody tell me when this will happen?

We are planning to be feature complete in Feb 2010. We are also back  
porting the changes into Yahoo's 20 branch as well as putting them  
into trunk.

-- Owen