You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-dev@hadoop.apache.org by "Wei-Chiu Chuang (JIRA)" <ji...@apache.org> on 2018/05/02 20:54:00 UTC

[jira] [Created] (HDFS-13521) NFS Gateway should support impersonation

Wei-Chiu Chuang created HDFS-13521:
--------------------------------------

             Summary: NFS Gateway should support impersonation
                 Key: HDFS-13521
                 URL: https://issues.apache.org/jira/browse/HDFS-13521
             Project: Hadoop HDFS
          Issue Type: Bug
            Reporter: Wei-Chiu Chuang


Similar to HDFS-10481, NFS gateway and httpfs are independent processes that accept client connections.
NFS Gateway currently solves file permission/ownership problem by running as HDFS super user, and then call setOwner() to change file owner.

This is not desirable.
# it adds additional RPC load to NameNode. 
#  this does not support at-rest encryption, because by design, HDFS super user cannot access KMS.

This is yet another problem around KMS ACL. [~xiaochen] [~rushabh.shah] thoughts?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org