hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15600) Set default proxy user settings to non-routable IP addresses and default users group
Date Thu, 26 Jul 2018 05:06:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16556907#comment-16556907

Eric Yang commented on HADOOP-15600:

[~daryn] Thank you for your reply, but not everyone has the time to dedicate their life into
serving the servers to tweak every configuration to keep the cluster secure.  Hadoop has become
difficult to secure because the default configuration is open.  It is arguing against common
sense that anyone who tries to deploy a Hadoop cluster must be a Hadoop security expert before
they can deploy.  There are already bots developed to attack Hadoop clusters.  It is not practical
to demand users to have the perfect configuration before they can start any Hadoop daemon.
 Bigtop and Ambari already have default proxy user configuration.  It would be equally dangerous
to run without proxy user configuration because node manager would be able to read/write data
node blocks when they are owned by the same user.  What do you think people do when they deploy
KMS?  Do they deploy KMS server as hdfs user or another user?  There are scenarios that have
blurry and vague suggestions and we both know that you don't have all answers.  The community
needs to reach a better default settings and tighten security in code to help new users fend
off bot attacks.  This is the intend of the JIRA.  It would not be productive to start religious
debate that admin != root.  Please keep the discussion civil.  Thanks

> Set default proxy user settings to non-routable IP addresses and default users group
> ------------------------------------------------------------------------------------
>                 Key: HADOOP-15600
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15600
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Eric Yang
>            Priority: Major
> The default setting to restrict the cluster nodes to communicate with peer nodes are
controlled by: hadoop.proxyuser.[hdfs.yarn].hosts, and hadoop.proxyuser.[hdfs|yarn].groups.
 These settings are default to be opened which allows any hosts to impersonate any user.
> The proposal is to default settings to:
> {code}
>     <property>
>       <name>hadoop.proxyuser.hdfs.hosts</name>
>       <value>,,,,</value>
>     </property>
>     <property>
>       <name>hadoop.proxyuser.hdfs.groups</name>
>       <value>users</value>
>     </property>
>     <property>
>       <name>hadoop.proxyuser.yarn.hosts</name>
>       <value>,,,,</value>
>     </property>
>     <property>
>       <name>hadoop.proxyuser.yarn.groups</name>
>       <value>users</value>
>     </property>
> {code}
> This will allow the cluster to default to a closed network and default "users" group
to reduce risks.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message