Posted to common-dev@hadoop.apache.org by "Christophe Taton (JIRA)" <ji...@apache.org> on 2007/09/06 07:28:31 UTC

[jira] Updated: (HADOOP-1298) adding user info to file

     [ https://issues.apache.org/jira/browse/HADOOP-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christophe Taton updated HADOOP-1298:
-------------------------------------

    Attachment: 1298_2007-09-05g.patch

I rewrote authorizations so that only directories have attached permissions.

The patch is still ~4600 lines. It contains some parts of the required authentication framework HADOOP-1701, and also the entire permission framework HADOOP-1782.

I updated the Policy provider with this new scheme:
- opening/reading a file requires read permission on the parent directory of the file
- listing a directory's content requires read permission on this directory
- creating/deleting a file or a directory into an existing directory requires write permission into that directory
- changing ownership of a directory can only be done by root
- changing the mode of a directory can only be done by root or by the owner of the directory

I updated the test cases to reflect this new semantic.
All JUnit tests pass.

To sum up a bit what is done by this patch:
- most changes are related to introducing a {{Ticket}} parameter to authenticate all RPCs
- a big change in NameNode consists in wrapping all concerned {{ClientProtocol}} methods so as to have them being executed with the appropriate {{AccessControlContext}} (see {{doAsSubject()}}).
- extension of INodes: {{INodeDirectory}} now contains a {{WritablePermissionCollection}}, inducing a small update to the image format to write and read permissions from the disk.
- the concrete permission checking logic is realized in the policy provider {{dfs.DFSPolicy}}
- {{dfs.DFSSecurityManager}} is a helper class that copies the original SecurityManager and eases integration of permission checking in the NameNode.

The default permission associated to files on creation or when upgrading from older versions currently lets directories be owned by root with mode rwxrwxrwx.

What this misses now (I might forget many things here!):
- a real user database
- a shell tool to change permissions
- default permissions for new files should be derived from the principal that creates the file (need to define a umask?)
- groups, to be complete with respect to POSIX...

If it comes that we all agree on this authorization scheme, we could push the permission framework and the extension of INodes now, as this is quite generic to my mind.
Then the ClientProtocol API will need to be updated with authentication Tickets. And finally, the NameNode will have to integrate the authorization checking logic.

I am looking forward to your comments!
Thanks in advance for the time you will spend on this.

> adding user info to file
> ------------------------
>
>                 Key: HADOOP-1298
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1298
>             Project: Hadoop
>          Issue Type: New Feature
>          Components: dfs, fs
>            Reporter: Kurtis Heimerl
>            Assignee: Christophe Taton
>             Fix For: 0.15.0
>
>         Attachments: 1298_2007-08-30a.patch, 1298_2007-09-05g.patch, hadoop-user-munncha.patch17
>
>
> I'm working on adding a permissions model to Hadoop's DFS. The first step is this change, which associates user info with files. Following this I'll associate permissions info, then block methods based on that user info, then authorization of the user info.
> So, right now I've implemented adding user info to files. I'm looking for feedback before I clean this up and make it official.
> I wasn't sure what release, I'm working off trunk.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
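
The five rules listed in the comment above, modelled as an added example (not code from the patch or from Hadoop). Class and method names are hypothetical. Assumptions: owner bits apply to the directory's owner and "other" bits to everyone else (the comment lists groups as missing), and root gets no bypass on read/write checks because the comment names root only for ownership and mode changes.

```java
import java.util.HashMap;
import java.util.Map;

/** Toy model of the directory-only scheme; hypothetical names, not Hadoop classes. */
public class DirOnlyPolicyDemo {
    static final String ROOT = "root";

    /** Permissions live on directories only; files carry none. */
    static final class Dir {
        final String owner;
        final int mode;
        Dir(String owner, int mode) { this.owner = owner; this.mode = mode; }
    }

    final Map<String, Dir> dirs = new HashMap<>();

    // Default stated in the comment: directories owned by root with mode rwxrwxrwx.
    DirOnlyPolicyDemo() { dirs.put("/", new Dir(ROOT, 0777)); }

    static String parent(String path) {
        int i = path.lastIndexOf('/');
        return i <= 0 ? "/" : path.substring(0, i);
    }

    // Assumption: owner bits for the owner, "other" bits for everyone else; group bits unused.
    boolean allowed(String user, String dir, int bit) {
        Dir d = dirs.get(dir);
        if (d == null) return false;              // unknown directory: deny
        int shift = user.equals(d.owner) ? 6 : 0;
        return ((d.mode >> shift) & bit) != 0;
    }

    boolean canReadFile(String u, String file) { return allowed(u, parent(file), 4); }
    boolean canList(String u, String dir) { return allowed(u, dir, 4); }
    boolean canCreateOrDelete(String u, String path) { return allowed(u, parent(path), 2); }
    boolean canChown(String u, String dir) { return u.equals(ROOT) && dirs.containsKey(dir); }
    boolean canChmod(String u, String dir) {
        Dir d = dirs.get(dir);
        return d != null && (u.equals(ROOT) || u.equals(d.owner));
    }

    public static void main(String[] args) {
        DirOnlyPolicyDemo fs = new DirOnlyPolicyDemo();
        fs.dirs.put("/home/alice", new Dir("alice", 0700)); // constructed sample data
        System.out.println(fs.canReadFile("alice", "/home/alice/notes.txt")); // owner bits of parent
        System.out.println(fs.canReadFile("bob", "/home/alice/notes.txt"));   // other bits of parent
        System.out.println(fs.canCreateOrDelete("bob", "/tmp.txt"));          // parent is "/"
        System.out.println(fs.canChmod("alice", "/home/alice"));              // owner may chmod
        System.out.println(fs.canChown("alice", "/home/alice"));              // root only
    }
}
```

Because files carry no permissions of their own in this scheme, read access to a directory is read access to every file in it; the model makes that visible by resolving every file check to the parent directory.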