Hadoop Security: hftp


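hftp is enabled by default and allows files to be accessed and downloaded from a browser. In this mode every file can be read, which leaves a security risk.

The test is as follows.

The parent directory selfreadonly of /user/hive/warehouse/cdntest.db/selfreadonly/hosts is owned by zhouyang and has permission 700, yet when user bkjia enters the following address in a browser, the file can be downloaded.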
http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?op=OPEN&offset=0&length=1024

Add the following configuration to hdfs-site.xml to disable webhdfs:

  <property>
    <name>dfs.webhdfs.enabled</name>
    <value>false</value>
  </property>
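
One way to check that this setting is actually in effect in a given hdfs-site.xml, as an added example that is not part of the original article. It assumes that WebHDFS defaults to enabled when the property is absent, that the last entry for a key wins, and that any value other than true/false falls back to the default; the function names and sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WEBHDFS_KEY = "dfs.webhdfs.enabled"
WEBHDFS_DEFAULT = True  # assumption: WebHDFS is on when the property is not set


def effective_bool(xml_text, key, default):
    """Return the boolean assumed to be in effect for `key` in one hdfs-site.xml text."""
    value = None
    for prop in ET.fromstring(xml_text).iter("property"):
        if (prop.findtext("name") or "").strip() == key:
            # assumption: a later entry for the same key overrides an earlier one
            value = (prop.findtext("value") or "").strip().lower()
    if value == "true":
        return True
    if value == "false":
        return False
    # Missing, empty or unrecognised values (e.g. "no") fall back to the default,
    # so a mistyped value leaves WebHDFS enabled.
    return default


def audit(xml_text):
    """Produce a one-line finding for the WebHDFS setting."""
    enabled = effective_bool(xml_text, WEBHDFS_KEY, WEBHDFS_DEFAULT)
    return "FAIL: WebHDFS enabled" if enabled else "OK: WebHDFS disabled"


# Constructed sample inputs
HARDENED = """<configuration>
  <property>
    <name>dfs.webhdfs.enabled</name>
    <value>false</value>
  </property>
</configuration>"""
MISSING = "<configuration></configuration>"
TYPO = HARDENED.replace("false", "no")  # value that is neither true nor false

if __name__ == "__main__":
    for label, text in [("hardened", HARDENED), ("missing", MISSING), ("typo", TYPO)]:
        print(label, "->", audit(text))
```
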

After webhdfs is disabled, the hftp protocol can still be used. The test is as follows:
[bkjia@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
ls: user=bkjia, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
[bkjia@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
Found 4 items
drwx------  - zhouyang cdn          0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
drwxrwxr-x  - wangjing cdn          0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
drwxrwx---  - cdn      cdn          0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
drwxrwxr-x  - wangjing cdn          0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing


