zoukankan      html  css  js  c++  java

  • hadoop安全之hftp

    hftp默认是打开的,同意以浏览器的方式訪问和下载文件,以此方式下,能够读取全部文件,留下了安全隐患.

    測试例如以下

    /user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级文件夹selfreadonly的全部者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入下面地址,就能下载.
    http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?op=OPEN&offset=0&length=1024

    在hdfs-site.xml中加入下面配置禁用webhdfs

      <property>
    <name>dfs.webhdfs.enabled</name>
    <value>false</value>
  </property>

    禁止webhdfs之后,hftp协议能够继续使用.測试例如以下:
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
    Found 4 items
    drwx------   - zhouyang cdn          0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
    drwxrwx---   - cdn      cdn          0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing

    /user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级文件夹selfreadonly的全部者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入下面地址,就能下载.

    http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?

    op=OPEN&offset=0&length=1024
    禁止webhdfs之后,hftp协议能够继续使用.
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
    Found 4 items
    drwx------   - zhouyang cdn          0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
    drwxrwx---   - cdn      cdn          0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing

  • 相关阅读:
    Linux systemd & init.d
    windows 气泡提示
    C++17新特性
    Lua & C++
    C++智能指针原理
    C++ Memory Order
    析命令提示符的原理
    设置与获取系统代理信息
    命令查看系统信息
    Linux shell脚本
  • 原文地址:https://www.cnblogs.com/yfceshi/p/6850327.html
Copyright © 2011-2022 走看看