1 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
---|
2 | <html> |
---|
3 | <head> |
---|
4 | <META http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
---|
5 | <meta content="Apache Forrest" name="Generator"> |
---|
6 | <meta name="Forrest-version" content="0.8"> |
---|
7 | <meta name="Forrest-skin-name" content="pelt"> |
---|
8 | <title>Service Level Authorization Guide</title> |
---|
9 | <link type="text/css" href="skin/basic.css" rel="stylesheet"> |
---|
10 | <link media="screen" type="text/css" href="skin/screen.css" rel="stylesheet"> |
---|
11 | <link media="print" type="text/css" href="skin/print.css" rel="stylesheet"> |
---|
12 | <link type="text/css" href="skin/profile.css" rel="stylesheet"> |
---|
13 | <script src="skin/getBlank.js" language="javascript" type="text/javascript"></script><script src="skin/getMenu.js" language="javascript" type="text/javascript"></script><script src="skin/fontsize.js" language="javascript" type="text/javascript"></script> |
---|
14 | <link rel="shortcut icon" href="images/favicon.ico"> |
---|
15 | </head> |
---|
16 | <body onload="init()"> |
---|
17 | <script type="text/javascript">ndeSetTextSize();</script> |
---|
18 | <div id="top"> |
---|
19 | <!--+ |
---|
20 | |breadtrail |
---|
21 | +--> |
---|
22 | <div class="breadtrail"> |
---|
23 | <a href="http://www.apache.org/">Apache</a> > <a href="http://hadoop.apache.org/">Hadoop</a> > <a href="http://hadoop.apache.org/core/">Core</a><script src="skin/breadcrumbs.js" language="JavaScript" type="text/javascript"></script> |
---|
24 | </div> |
---|
25 | <!--+ |
---|
26 | |header |
---|
27 | +--> |
---|
28 | <div class="header"> |
---|
29 | <!--+ |
---|
30 | |start group logo |
---|
31 | +--> |
---|
32 | <div class="grouplogo"> |
---|
33 | <a href="http://hadoop.apache.org/"><img class="logoImage" alt="Hadoop" src="images/hadoop-logo.jpg" title="Apache Hadoop"></a> |
---|
34 | </div> |
---|
35 | <!--+ |
---|
36 | |end group logo |
---|
37 | +--> |
---|
38 | <!--+ |
---|
39 | |start Project Logo |
---|
40 | +--> |
---|
41 | <div class="projectlogo"> |
---|
42 | <a href="http://hadoop.apache.org/core/"><img class="logoImage" alt="Hadoop" src="images/core-logo.gif" title="Scalable Computing Platform"></a> |
---|
43 | </div> |
---|
44 | <!--+ |
---|
45 | |end Project Logo |
---|
46 | +--> |
---|
47 | <!--+ |
---|
48 | |start Search |
---|
49 | +--> |
---|
50 | <div class="searchbox"> |
---|
51 | <form action="http://www.google.com/search" method="get" class="roundtopsmall"> |
---|
52 | <input value="hadoop.apache.org" name="sitesearch" type="hidden"><input onFocus="getBlank (this, 'Search the site with google');" size="25" name="q" id="query" type="text" value="Search the site with google"> |
---|
53 | <input name="Search" value="Search" type="submit"> |
---|
54 | </form> |
---|
55 | </div> |
---|
56 | <!--+ |
---|
57 | |end search |
---|
58 | +--> |
---|
59 | <!--+ |
---|
60 | |start Tabs |
---|
61 | +--> |
---|
62 | <ul id="tabs"> |
---|
63 | <li> |
---|
64 | <a class="unselected" href="http://hadoop.apache.org/core/">Project</a> |
---|
65 | </li> |
---|
66 | <li> |
---|
67 | <a class="unselected" href="http://wiki.apache.org/hadoop">Wiki</a> |
---|
68 | </li> |
---|
69 | <li class="current"> |
---|
70 | <a class="selected" href="index.html">Hadoop 0.20 Documentation</a> |
---|
71 | </li> |
---|
72 | </ul> |
---|
73 | <!--+ |
---|
74 | |end Tabs |
---|
75 | +--> |
---|
76 | </div> |
---|
77 | </div> |
---|
78 | <div id="main"> |
---|
79 | <div id="publishedStrip"> |
---|
80 | <!--+ |
---|
81 | |start Subtabs |
---|
82 | +--> |
---|
83 | <div id="level2tabs"></div> |
---|
84 | <!--+ |
---|
85 | |end Endtabs |
---|
86 | +--> |
---|
87 | <script type="text/javascript"><!-- |
---|
88 | document.write("Last Published: " + document.lastModified); |
---|
89 | // --></script> |
---|
90 | </div> |
---|
91 | <!--+ |
---|
92 | |breadtrail |
---|
93 | +--> |
---|
94 | <div class="breadtrail"> |
---|
95 | |
---|
96 | |
---|
97 | </div> |
---|
98 | <!--+ |
---|
99 | |start Menu, mainarea |
---|
100 | +--> |
---|
101 | <!--+ |
---|
102 | |start Menu |
---|
103 | +--> |
---|
104 | <div id="menu"> |
---|
105 | <div onclick="SwitchMenu('menu_1.1', 'skin/')" id="menu_1.1Title" class="menutitle">Getting Started</div> |
---|
106 | <div id="menu_1.1" class="menuitemgroup"> |
---|
107 | <div class="menuitem"> |
---|
108 | <a href="index.html">Overview</a> |
---|
109 | </div> |
---|
110 | <div class="menuitem"> |
---|
111 | <a href="quickstart.html">Quick Start</a> |
---|
112 | </div> |
---|
113 | <div class="menuitem"> |
---|
114 | <a href="cluster_setup.html">Cluster Setup</a> |
---|
115 | </div> |
---|
116 | <div class="menuitem"> |
---|
117 | <a href="mapred_tutorial.html">Map/Reduce Tutorial</a> |
---|
118 | </div> |
---|
119 | </div> |
---|
120 | <div onclick="SwitchMenu('menu_selected_1.2', 'skin/')" id="menu_selected_1.2Title" class="menutitle" style="background-image: url('skin/images/chapter_open.gif');">Programming Guides</div> |
---|
121 | <div id="menu_selected_1.2" class="selectedmenuitemgroup" style="display: block;"> |
---|
122 | <div class="menuitem"> |
---|
123 | <a href="commands_manual.html">Commands</a> |
---|
124 | </div> |
---|
125 | <div class="menuitem"> |
---|
126 | <a href="distcp.html">DistCp</a> |
---|
127 | </div> |
---|
128 | <div class="menuitem"> |
---|
129 | <a href="native_libraries.html">Native Libraries</a> |
---|
130 | </div> |
---|
131 | <div class="menuitem"> |
---|
132 | <a href="streaming.html">Streaming</a> |
---|
133 | </div> |
---|
134 | <div class="menuitem"> |
---|
135 | <a href="fair_scheduler.html">Fair Scheduler</a> |
---|
136 | </div> |
---|
137 | <div class="menuitem"> |
---|
138 | <a href="capacity_scheduler.html">Capacity Scheduler</a> |
---|
139 | </div> |
---|
140 | <div class="menupage"> |
---|
141 | <div class="menupagetitle">Service Level Authorization</div> |
---|
142 | </div> |
---|
143 | <div class="menuitem"> |
---|
144 | <a href="vaidya.html">Vaidya</a> |
---|
145 | </div> |
---|
146 | <div class="menuitem"> |
---|
147 | <a href="hadoop_archives.html">Archives</a> |
---|
148 | </div> |
---|
149 | </div> |
---|
150 | <div onclick="SwitchMenu('menu_1.3', 'skin/')" id="menu_1.3Title" class="menutitle">HDFS</div> |
---|
151 | <div id="menu_1.3" class="menuitemgroup"> |
---|
152 | <div class="menuitem"> |
---|
153 | <a href="hdfs_user_guide.html">User Guide</a> |
---|
154 | </div> |
---|
155 | <div class="menuitem"> |
---|
156 | <a href="hdfs_design.html">Architecture</a> |
---|
157 | </div> |
---|
158 | <div class="menuitem"> |
---|
159 | <a href="hdfs_shell.html">File System Shell Guide</a> |
---|
160 | </div> |
---|
161 | <div class="menuitem"> |
---|
162 | <a href="hdfs_permissions_guide.html">Permissions Guide</a> |
---|
163 | </div> |
---|
164 | <div class="menuitem"> |
---|
165 | <a href="hdfs_quota_admin_guide.html">Quotas Guide</a> |
---|
166 | </div> |
---|
167 | <div class="menuitem"> |
---|
168 | <a href="SLG_user_guide.html">Synthetic Load Generator Guide</a> |
---|
169 | </div> |
---|
170 | <div class="menuitem"> |
---|
171 | <a href="libhdfs.html">C API libhdfs</a> |
---|
172 | </div> |
---|
173 | </div> |
---|
174 | <div onclick="SwitchMenu('menu_1.4', 'skin/')" id="menu_1.4Title" class="menutitle">HOD</div> |
---|
175 | <div id="menu_1.4" class="menuitemgroup"> |
---|
176 | <div class="menuitem"> |
---|
177 | <a href="hod_user_guide.html">User Guide</a> |
---|
178 | </div> |
---|
179 | <div class="menuitem"> |
---|
180 | <a href="hod_admin_guide.html">Admin Guide</a> |
---|
181 | </div> |
---|
182 | <div class="menuitem"> |
---|
183 | <a href="hod_config_guide.html">Config Guide</a> |
---|
184 | </div> |
---|
185 | </div> |
---|
186 | <div onclick="SwitchMenu('menu_1.5', 'skin/')" id="menu_1.5Title" class="menutitle">Miscellaneous</div> |
---|
187 | <div id="menu_1.5" class="menuitemgroup"> |
---|
188 | <div class="menuitem"> |
---|
189 | <a href="api/index.html">API Docs</a> |
---|
190 | </div> |
---|
191 | <div class="menuitem"> |
---|
192 | <a href="jdiff/changes.html">API Changes</a> |
---|
193 | </div> |
---|
194 | <div class="menuitem"> |
---|
195 | <a href="http://wiki.apache.org/hadoop/">Wiki</a> |
---|
196 | </div> |
---|
197 | <div class="menuitem"> |
---|
198 | <a href="http://wiki.apache.org/hadoop/FAQ">FAQ</a> |
---|
199 | </div> |
---|
200 | <div class="menuitem"> |
---|
201 | <a href="releasenotes.html">Release Notes</a> |
---|
202 | </div> |
---|
203 | <div class="menuitem"> |
---|
204 | <a href="changes.html">Change Log</a> |
---|
205 | </div> |
---|
206 | </div> |
---|
207 | <div id="credit"></div> |
---|
208 | <div id="roundbottom"> |
---|
209 | <img style="display: none" class="corner" height="15" width="15" alt="" src="skin/images/rc-b-l-15-1body-2menu-3menu.png"></div> |
---|
210 | <!--+ |
---|
211 | |alternative credits |
---|
212 | +--> |
---|
213 | <div id="credit2"></div> |
---|
214 | </div> |
---|
215 | <!--+ |
---|
216 | |end Menu |
---|
217 | +--> |
---|
218 | <!--+ |
---|
219 | |start content |
---|
220 | +--> |
---|
221 | <div id="content"> |
---|
222 | <div title="Portable Document Format" class="pdflink"> |
---|
223 | <a class="dida" href="service_level_auth.pdf"><img alt="PDF -icon" src="skin/images/pdfdoc.gif" class="skin"><br> |
---|
224 | PDF</a> |
---|
225 | </div> |
---|
226 | <h1>Service Level Authorization Guide</h1> |
---|
227 | <div id="minitoc-area"> |
---|
228 | <ul class="minitoc"> |
---|
229 | <li> |
---|
230 | <a href="#Purpose">Purpose</a> |
---|
231 | </li> |
---|
232 | <li> |
---|
233 | <a href="#Pre-requisites">Pre-requisites</a> |
---|
234 | </li> |
---|
235 | <li> |
---|
236 | <a href="#Overview">Overview</a> |
---|
237 | </li> |
---|
238 | <li> |
---|
239 | <a href="#Configuration">Configuration</a> |
---|
240 | <ul class="minitoc"> |
---|
241 | <li> |
---|
242 | <a href="#Enable+Service+Level+Authorization">Enable Service Level Authorization</a> |
---|
243 | </li> |
---|
244 | <li> |
---|
245 | <a href="#Hadoop+Services+and+Configuration+Properties">Hadoop Services and Configuration Properties</a> |
---|
246 | </li> |
---|
247 | <li> |
---|
248 | <a href="#Access+Control+Lists">Access Control Lists</a> |
---|
249 | </li> |
---|
250 | <li> |
---|
251 | <a href="#Refreshing+Service+Level+Authorization+Configuration">Refreshing Service Level Authorization Configuration</a> |
---|
252 | </li> |
---|
253 | <li> |
---|
254 | <a href="#Examples">Examples</a> |
---|
255 | </li> |
---|
256 | </ul> |
---|
257 | </li> |
---|
258 | </ul> |
---|
259 | </div> |
---|
260 | |
---|
261 | |
---|
262 | <a name="N1000D"></a><a name="Purpose"></a> |
---|
263 | <h2 class="h3">Purpose</h2> |
---|
264 | <div class="section"> |
---|
265 | <p>This document describes how to configure and manage <em>Service Level |
---|
266 | Authorization</em> for Hadoop.</p> |
---|
267 | </div> |
---|
268 | |
---|
269 | |
---|
270 | <a name="N1001A"></a><a name="Pre-requisites"></a> |
---|
271 | <h2 class="h3">Pre-requisites</h2> |
---|
272 | <div class="section"> |
---|
273 | <p>Ensure that Hadoop is installed, configured and setup correctly. More |
---|
274 | details:</p> |
---|
275 | <ul> |
---|
276 | |
---|
277 | <li> |
---|
278 | |
---|
279 | <a href="quickstart.html">Hadoop Quick Start</a> for first-time users. |
---|
280 | </li> |
---|
281 | |
---|
282 | <li> |
---|
283 | |
---|
284 | <a href="cluster_setup.html">Hadoop Cluster Setup</a> for large, |
---|
285 | distributed clusters. |
---|
286 | </li> |
---|
287 | |
---|
288 | </ul> |
---|
289 | </div> |
---|
290 | |
---|
291 | |
---|
292 | <a name="N10035"></a><a name="Overview"></a> |
---|
293 | <h2 class="h3">Overview</h2> |
---|
294 | <div class="section"> |
---|
295 | <p>Service Level Authorization is the initial authorization mechanism to |
---|
296 | ensure clients connecting to a particular Hadoop <em>service</em> have the |
---|
297 | necessary, pre-configured, permissions and are authorized to access the given |
---|
298 | service. For e.g. a Map/Reduce cluster can use this mechanism to allow a |
---|
299 | configured list of users/groups to submit jobs.</p> |
---|
300 | <p>The <span class="codefrag">${HADOOP_CONF_DIR}/hadoop-policy.xml</span> configuration file |
---|
301 | is used to define the access control lists for various Hadoop services.</p> |
---|
302 | <p>Service Level Authorization is performed much before to other access |
---|
303 | control checks such as file-permission checks, access control on job queues |
---|
304 | etc.</p> |
---|
305 | </div> |
---|
306 | |
---|
307 | |
---|
308 | <a name="N1004B"></a><a name="Configuration"></a> |
---|
309 | <h2 class="h3">Configuration</h2> |
---|
310 | <div class="section"> |
---|
311 | <p>This section describes how to configure service-level authorization |
---|
312 | via the configuration file <span class="codefrag">{HADOOP_CONF_DIR}/hadoop-policy.xml</span>. |
---|
313 | </p> |
---|
314 | <a name="N10057"></a><a name="Enable+Service+Level+Authorization"></a> |
---|
315 | <h3 class="h4">Enable Service Level Authorization</h3> |
---|
316 | <p>By default, service-level authorization is disabled for Hadoop. To |
---|
317 | enable it set the configuration property |
---|
318 | <span class="codefrag">hadoop.security.authorization</span> to <strong>true</strong> |
---|
319 | in <span class="codefrag">${HADOOP_CONF_DIR}/core-site.xml</span>.</p> |
---|
320 | <a name="N1006A"></a><a name="Hadoop+Services+and+Configuration+Properties"></a> |
---|
321 | <h3 class="h4">Hadoop Services and Configuration Properties</h3> |
---|
322 | <p>This section lists the various Hadoop services and their configuration |
---|
323 | knobs:</p> |
---|
324 | <table class="ForrestTable" cellspacing="1" cellpadding="4"> |
---|
325 | |
---|
326 | <tr> |
---|
327 | |
---|
328 | <th colspan="1" rowspan="1">Property</th> |
---|
329 | <th colspan="1" rowspan="1">Service</th> |
---|
330 | |
---|
331 | </tr> |
---|
332 | |
---|
333 | <tr> |
---|
334 | |
---|
335 | <td colspan="1" rowspan="1"><span class="codefrag">security.client.protocol.acl</span></td> |
---|
336 | <td colspan="1" rowspan="1">ACL for ClientProtocol, which is used by user code via the |
---|
337 | DistributedFileSystem.</td> |
---|
338 | |
---|
339 | </tr> |
---|
340 | |
---|
341 | <tr> |
---|
342 | |
---|
343 | <td colspan="1" rowspan="1"><span class="codefrag">security.client.datanode.protocol.acl</span></td> |
---|
344 | <td colspan="1" rowspan="1">ACL for ClientDatanodeProtocol, the client-to-datanode protocol |
---|
345 | for block recovery.</td> |
---|
346 | |
---|
347 | </tr> |
---|
348 | |
---|
349 | <tr> |
---|
350 | |
---|
351 | <td colspan="1" rowspan="1"><span class="codefrag">security.datanode.protocol.acl</span></td> |
---|
352 | <td colspan="1" rowspan="1">ACL for DatanodeProtocol, which is used by datanodes to |
---|
353 | communicate with the namenode.</td> |
---|
354 | |
---|
355 | </tr> |
---|
356 | |
---|
357 | <tr> |
---|
358 | |
---|
359 | <td colspan="1" rowspan="1"><span class="codefrag">security.inter.datanode.protocol.acl</span></td> |
---|
360 | <td colspan="1" rowspan="1">ACL for InterDatanodeProtocol, the inter-datanode protocol |
---|
361 | for updating generation timestamp.</td> |
---|
362 | |
---|
363 | </tr> |
---|
364 | |
---|
365 | <tr> |
---|
366 | |
---|
367 | <td colspan="1" rowspan="1"><span class="codefrag">security.namenode.protocol.acl</span></td> |
---|
368 | <td colspan="1" rowspan="1">ACL for NamenodeProtocol, the protocol used by the secondary |
---|
369 | namenode to communicate with the namenode.</td> |
---|
370 | |
---|
371 | </tr> |
---|
372 | |
---|
373 | <tr> |
---|
374 | |
---|
375 | <td colspan="1" rowspan="1"><span class="codefrag">security.inter.tracker.protocol.acl</span></td> |
---|
376 | <td colspan="1" rowspan="1">ACL for InterTrackerProtocol, used by the tasktrackers to |
---|
377 | communicate with the jobtracker.</td> |
---|
378 | |
---|
379 | </tr> |
---|
380 | |
---|
381 | <tr> |
---|
382 | |
---|
383 | <td colspan="1" rowspan="1"><span class="codefrag">security.job.submission.protocol.acl</span></td> |
---|
384 | <td colspan="1" rowspan="1">ACL for JobSubmissionProtocol, used by job clients to |
---|
385 | communciate with the jobtracker for job submission, querying job status |
---|
386 | etc.</td> |
---|
387 | |
---|
388 | </tr> |
---|
389 | |
---|
390 | <tr> |
---|
391 | |
---|
392 | <td colspan="1" rowspan="1"><span class="codefrag">security.task.umbilical.protocol.acl</span></td> |
---|
393 | <td colspan="1" rowspan="1">ACL for TaskUmbilicalProtocol, used by the map and reduce |
---|
394 | tasks to communicate with the parent tasktracker.</td> |
---|
395 | |
---|
396 | </tr> |
---|
397 | |
---|
398 | <tr> |
---|
399 | |
---|
400 | <td colspan="1" rowspan="1"><span class="codefrag">security.refresh.policy.protocol.acl</span></td> |
---|
401 | <td colspan="1" rowspan="1">ACL for RefreshAuthorizationPolicyProtocol, used by the |
---|
402 | dfsadmin and mradmin commands to refresh the security policy in-effect. |
---|
403 | </td> |
---|
404 | |
---|
405 | </tr> |
---|
406 | |
---|
407 | </table> |
---|
408 | <a name="N10102"></a><a name="Access+Control+Lists"></a> |
---|
409 | <h3 class="h4">Access Control Lists</h3> |
---|
410 | <p> |
---|
411 | <span class="codefrag">${HADOOP_CONF_DIR}/hadoop-policy.xml</span> defines an access |
---|
412 | control list for each Hadoop service. Every access control list has a |
---|
413 | simple format:</p> |
---|
414 | <p>The list of users and groups are both comma separated list of names. |
---|
415 | The two lists are separated by a space.</p> |
---|
416 | <p>Example: <span class="codefrag">user1,user2 group1,group2</span>.</p> |
---|
417 | <p>Add a blank at the beginning of the line if only a list of groups |
---|
418 | is to be provided, equivalently a comman-separated list of users followed |
---|
419 | by a space or nothing implies only a set of given users.</p> |
---|
420 | <p>A special value of <strong>*</strong> implies that all users are |
---|
421 | allowed to access the service.</p> |
---|
422 | <a name="N10120"></a><a name="Refreshing+Service+Level+Authorization+Configuration"></a> |
---|
423 | <h3 class="h4">Refreshing Service Level Authorization Configuration</h3> |
---|
424 | <p>The service-level authorization configuration for the NameNode and |
---|
425 | JobTracker can be changed without restarting either of the Hadoop master |
---|
426 | daemons. The cluster administrator can change |
---|
427 | <span class="codefrag">${HADOOP_CONF_DIR}/hadoop-policy.xml</span> on the master nodes and |
---|
428 | instruct the NameNode and JobTracker to reload their respective |
---|
429 | configurations via the <em>-refreshServiceAcl</em> switch to |
---|
430 | <em>dfsadmin</em> and <em>mradmin</em> commands respectively.</p> |
---|
431 | <p>Refresh the service-level authorization configuration for the |
---|
432 | NameNode:</p> |
---|
433 | <p> |
---|
434 | |
---|
435 | <span class="codefrag">$ bin/hadoop dfsadmin -refreshServiceAcl</span> |
---|
436 | |
---|
437 | </p> |
---|
438 | <p>Refresh the service-level authorization configuration for the |
---|
439 | JobTracker:</p> |
---|
440 | <p> |
---|
441 | |
---|
442 | <span class="codefrag">$ bin/hadoop mradmin -refreshServiceAcl</span> |
---|
443 | |
---|
444 | </p> |
---|
445 | <p>Of course, one can use the |
---|
446 | <span class="codefrag">security.refresh.policy.protocol.acl</span> property in |
---|
447 | <span class="codefrag">${HADOOP_CONF_DIR}/hadoop-policy.xml</span> to restrict access to |
---|
448 | the ability to refresh the service-level authorization configuration to |
---|
449 | certain users/groups.</p> |
---|
450 | <a name="N10151"></a><a name="Examples"></a> |
---|
451 | <h3 class="h4">Examples</h3> |
---|
452 | <p>Allow only users <span class="codefrag">alice</span>, <span class="codefrag">bob</span> and users in the |
---|
453 | <span class="codefrag">mapreduce</span> group to submit jobs to the Map/Reduce cluster:</p> |
---|
454 | <table class="ForrestTable" cellspacing="1" cellpadding="4"> |
---|
455 | |
---|
456 | <tr> |
---|
457 | <td colspan="1" rowspan="1"> <property></td> |
---|
458 | </tr> |
---|
459 | |
---|
460 | <tr> |
---|
461 | <td colspan="1" rowspan="1"> <name>security.job.submission.protocol.acl</name></td> |
---|
462 | </tr> |
---|
463 | |
---|
464 | <tr> |
---|
465 | <td colspan="1" rowspan="1"> <value>alice,bob mapreduce</value></td> |
---|
466 | </tr> |
---|
467 | |
---|
468 | <tr> |
---|
469 | <td colspan="1" rowspan="1"> </property></td> |
---|
470 | </tr> |
---|
471 | |
---|
472 | </table> |
---|
473 | <p></p> |
---|
474 | <p>Allow only DataNodes running as the users who belong to the |
---|
475 | group <span class="codefrag">datanodes</span> to communicate with the NameNode:</p> |
---|
476 | <table class="ForrestTable" cellspacing="1" cellpadding="4"> |
---|
477 | |
---|
478 | <tr> |
---|
479 | <td colspan="1" rowspan="1"> <property></td> |
---|
480 | </tr> |
---|
481 | |
---|
482 | <tr> |
---|
483 | <td colspan="1" rowspan="1"> <name>security.datanode.protocol.acl</name></td> |
---|
484 | </tr> |
---|
485 | |
---|
486 | <tr> |
---|
487 | <td colspan="1" rowspan="1"> <value> datanodes</value></td> |
---|
488 | </tr> |
---|
489 | |
---|
490 | <tr> |
---|
491 | <td colspan="1" rowspan="1"> </property></td> |
---|
492 | </tr> |
---|
493 | |
---|
494 | </table> |
---|
495 | <p></p> |
---|
496 | <p>Allow any user to talk to the HDFS cluster as a DFSClient:</p> |
---|
497 | <table class="ForrestTable" cellspacing="1" cellpadding="4"> |
---|
498 | |
---|
499 | <tr> |
---|
500 | <td colspan="1" rowspan="1"> <property></td> |
---|
501 | </tr> |
---|
502 | |
---|
503 | <tr> |
---|
504 | <td colspan="1" rowspan="1"> <name>security.client.protocol.acl</name></td> |
---|
505 | </tr> |
---|
506 | |
---|
507 | <tr> |
---|
508 | <td colspan="1" rowspan="1"> <value>*</value></td> |
---|
509 | </tr> |
---|
510 | |
---|
511 | <tr> |
---|
512 | <td colspan="1" rowspan="1"> </property></td> |
---|
513 | </tr> |
---|
514 | |
---|
515 | </table> |
---|
516 | </div> |
---|
517 | |
---|
518 | |
---|
519 | </div> |
---|
520 | <!--+ |
---|
521 | |end content |
---|
522 | +--> |
---|
523 | <div class="clearboth"> </div> |
---|
524 | </div> |
---|
525 | <div id="footer"> |
---|
526 | <!--+ |
---|
527 | |start bottomstrip |
---|
528 | +--> |
---|
529 | <div class="lastmodified"> |
---|
530 | <script type="text/javascript"><!-- |
---|
531 | document.write("Last Published: " + document.lastModified); |
---|
532 | // --></script> |
---|
533 | </div> |
---|
534 | <div class="copyright"> |
---|
535 | Copyright © |
---|
536 | 2008 <a href="http://www.apache.org/licenses/">The Apache Software Foundation.</a> |
---|
537 | </div> |
---|
538 | <!--+ |
---|
539 | |end bottomstrip |
---|
540 | +--> |
---|
541 | </div> |
---|
542 | </body> |
---|
543 | </html> |
---|