zoukankan      html  css  js  c++  java

  • hadoop安全之hftp

    hftp默认是打开的,同意以浏览器的方式訪问和下载文件,以此方式下,能够读取全部文件,留下了安全隐患.

    測试例如以下

    /user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级文件夹selfreadonly的全部者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入下面地址,就能下载.
    http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?op=OPEN&offset=0&length=1024

    在hdfs-site.xml中加入下面配置禁用webhdfs

      <property>
    <name>dfs.webhdfs.enabled</name>
    <value>false</value>
  </property>

    禁止webhdfs之后,hftp协议能够继续使用.測试例如以下:
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
    Found 4 items
    drwx------   - zhouyang cdn          0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
    drwxrwx---   - cdn      cdn          0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing

    /user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级文件夹selfreadonly的全部者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入下面地址,就能下载.

    http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?

    op=OPEN&offset=0&length=1024
    禁止webhdfs之后,hftp协议能够继续使用.
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
    Found 4 items
    drwx------   - zhouyang cdn          0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
    drwxrwx---   - cdn      cdn          0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing

  • 相关阅读:
    IntelliJ IDEA 2017 注册方法
    WindowsAll下安装与破解IntelliJ IDEA2017
    JPA的一对多映射(双向)关联
    JPA 单向一对多关联关系
    JPA 映射单向多对一的关联关系
    关于数据库主键和外键
    JPA(API)
    X509 文件扩展名
    linux设置支持中文
    wp8安装SSL证书
  • 原文地址:https://www.cnblogs.com/yfceshi/p/6850327.html
Copyright © 2011-2022 走看看