Cloudera Community
naveen1
user rank
Contributor
My Accepted Solutions
Show All

Re: HDFS encryption confusion

by Contributor in Support Questions
‎02-09-2016 01:40 PM
‎02-09-2016 01:40 PM
Vmshah,   Do both users belong to the same group?   d(rwx)(r)-x(r)-x -- according to permissions set, here user1 groups and others can read and execute the data.   If you want only user 1 to read, write and execute the data then set the permissions accordingly.(eg: hadoop fs -chmod 700 /tmp/user1zone1/helloWorld.txt ) ... View more

Re: HDFS encryption confusion

by Contributor in Support Questions
‎02-08-2016 08:58 PM
‎02-08-2016 08:58 PM
First of all both users are accessing the file because u may not have set the permissions of both the users accordingly to access that file. Dont get confused with Encryption and permission. Question you asked is something related to file level permissions and encryption has lot more use cases compare to permissions.   When creating a new file in an encryption zone, the NameNode asks the KMS to generate a new EDEK encrypted with the encryption zone’s key. The EDEK is then stored persistently as part of the file’s metadata on the NameNode.   When reading a file within an encryption zone, the NameNode provides the client with the file’s EDEK and the encryption zone key version used to encrypt the EDEK. The client then asks the KMS to decrypt the EDEK, which involves checking that the client has permission to access the encryption zone key version. Assuming that is successful, the client uses the DEK to decrypt the file’s contents.   Hope this clears your question!!! ... View more
Contact Me
Online
Offline
Last Visited
‎07-31-2019 03:12 PM
Community Statistics
Member Since ‎12-28-2015 09:51 AM
Last Visited ‎07-31-2019 03:12 PM
Posts 47
Kudos received 2