Users are not properly authenticated in Hadoop

[Foss User <fo...@gmail.com>]

I created a Hadoop cluster. I created a folder in it called '/fossist'
and gave the ownership of that folder only to the user called
'fossist'. Only 'fossist' has write permissions over the folder called
'/fossist'.

However, I see that anyone can easily impersonate as fossist in the
following manner:

1. Connect his laptop to the network.
2. Create a user called 'fossist' in the Linux he is running on his laptop.
3. Configure his conf/hadoop-site.xml to connect to the masters of my cluster.
4. Use the bin/hadoop dfs commands to delete files in the /fossist
directory in HDFS.

Now, if anyone can connect so easily and start deleting files, the
security of the cluster is compromised. Is there anything in Hadoop to
take care of this?

If not, I have to go for other measures like firewalls, etc. But if
something is available in Hadoop itself, it would be great.

Re: Users are not properly authenticated in Hadoop

[Owen O'Malley <om...@apache.org>]

On Apr 5, 2009, at 3:30 AM, Foss User wrote:

> However, I see that anyone can easily impersonate as fossist

Yes, it is easy to work around the security in Hadoop. It is only  
intended to prevent accidents, such as the time a student accidently  
wiped out the entire class' home directories.

> If not, I have to go for other measures like firewalls, etc. But if
> something is available in Hadoop itself, it would be great.

You currently need firewalls to protect Hadoop. There is work underway  
to add real authentication to Hadoop, which enable real security.

-- Owen