hadoop安全之hftp
2015-06-04 11:06
357 查看
hftp默认是打开的,允许以浏览器的方式访问和下载文件,以此方式下,可以读取所有文件,留下了安全隐患.
测试如下
/user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级目录selfreadonly的所有者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入以下地址,就能下载.
http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?op=OPEN&offset=0&length=1024
在hdfs-site.xml中添加以下配置禁用webhdfs
禁止webhdfs之后,hftp协议可以继续使用.测试如下:
[xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
[xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
Found 4 items
drwx------ - zhouyang cdn 0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
drwxrwxr-x - wangjing cdn 0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
drwxrwx--- - cdn cdn 0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
drwxrwxr-x - wangjing cdn 0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing
/user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级目录selfreadonly的所有者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入以下地址,就能下载.
http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?op=OPEN&offset=0&length=1024
禁止webhdfs之后,hftp协议可以继续使用.
[xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
[xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
Found 4 items
drwx------ - zhouyang cdn 0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
drwxrwxr-x - wangjing cdn 0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
drwxrwx--- - cdn cdn 0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
drwxrwxr-x - wangjing cdn 0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing
测试如下
/user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级目录selfreadonly的所有者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入以下地址,就能下载.
http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?op=OPEN&offset=0&length=1024
在hdfs-site.xml中添加以下配置禁用webhdfs
<property> <name>dfs.webhdfs.enabled</name> <value>false</value> </property>
禁止webhdfs之后,hftp协议可以继续使用.测试如下:
[xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
[xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
Found 4 items
drwx------ - zhouyang cdn 0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
drwxrwxr-x - wangjing cdn 0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
drwxrwx--- - cdn cdn 0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
drwxrwxr-x - wangjing cdn 0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing
/user/hive/warehouse/cdntest.db/selfreadonly/hosts的上级目录selfreadonly的所有者是zhouyang,权限是700,但以xiangtao用户在浏览器中输入以下地址,就能下载.
http://localhost:50070/webhdfs/v1/user/hive/warehouse/cdntest.db/selfreadonly/hosts?op=OPEN&offset=0&length=1024
禁止webhdfs之后,hftp协议可以继续使用.
[xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
ls: user=xiangtao, access=READ_EXECUTE, inode="/user/hive/warehouse/cdntest.db/selfreadonly":zhouyang:cdn:drwx------
[xiangtao@localhost ~]$ hadoop fs -ls hftp://localhost:50070/user/hive/warehouse/cdntest.db
Found 4 items
drwx------ - zhouyang cdn 0 2015-06-04 10:40 hftp://localhost:50070/user/hive/warehouse/cdntest.db/selfreadonly
drwxrwxr-x - wangjing cdn 0 2015-06-02 18:51 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp1
drwxrwx--- - cdn cdn 0 2015-06-03 17:37 hftp://localhost:50070/user/hive/warehouse/cdntest.db/testp2
drwxrwxr-x - wangjing cdn 0 2015-06-02 10:17 hftp://localhost:50070/user/hive/warehouse/cdntest.db/wangjing
相关文章推荐
- OpenCV学习笔记(16):直方图
- Django+uWsgi+nginx部署
- 鸟哥的linux私房菜学习笔记 ---第6章-2
- linux定时器
- shell退出后 后台进程关闭的原因
- 在centos5 git服务器端安装
- 每天一道算法题(11)——栈的push、pop 序列
- 每天一道算法题(11)——栈的push、pop 序列
- linux c++动态链接库so编写
- Nginx安装与使用
- 百万级PHP网站架构工具箱
- 一步步学习Linux多任务编程
- centos桌面使用
- OpenCV,详解基本图像容器Mat类与IplImage结构体(三)
- 用PowerShell处理复杂Json数据
- nopcommerce中文网
- live555 分析—— OpenRtsp
- Eclipse EE 发布项目导致 Tomcate 的配置文件 server.xml 还原
- centos6.6编译安装nginx-1.8.0
- 自动化运维平台puppet的高级应用