zoukankan      html  css  js  c++  java

  • hadoop安全之hftp

    hftp默认是打开的,同意以浏览器的方式訪问和下载文件,以此方式下,能够读取全部文件,留下了安全隐患.

    測试例如以下

    /user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级文件夹selfreadonly的全部者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入下面地址,就能下载.
    http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?op=OPEN&offset=0&length=1024

    在hdfs-site.xml中加入下面配置禁用webhdfs

      <property>
    <name>dfs.webhdfs.enabled</name>
    <value>false</value>
  </property>

    禁止webhdfs之后,hftp协议能够继续使用.測试例如以下:
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
    Found 4 items
    drwx------   - zhouyang cdn          0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
    drwxrwx---   - cdn      cdn          0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing

    /user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级文件夹selfreadonly的全部者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入下面地址,就能下载.

    http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?

    op=OPEN&offset=0&length=1024
    禁止webhdfs之后,hftp协议能够继续使用.
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
    [xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
    Found 4 items
    drwx------   - zhouyang cdn          0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
    drwxrwx---   - cdn      cdn          0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
    drwxrwxr-x   - wangjing cdn          0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing

  • 相关阅读:
    数据库范式
    java String.split()用法
    1.4 IoC控制反转
    利用shrinkwrap锁定依赖版本
    清晨开启电脑自动拉取项目更新
    JS如何获取屏幕、浏览器及网页高度宽度?
    Navigator 对象,能够清楚地知道浏览器的相关信息
    iconfont 转换为图标字体
    VS code的搜索、替换与正则替换
    点九图制作方法
  • 原文地址:https://www.cnblogs.com/yfceshi/p/6850327.html
Copyright © 2011-2022 走看看