02-09-2016
01:54 PM
I understand that setting permissions will control read/write access. But then how is encryption useful to prevent other users from reading your data? I understand that if you get block-level access to a file, the user will not be able to read it. As for security related to another user on the same system seeing encrypted data, I am not sure whether there would be a use case for that or not.
02-09-2016
01:31 PM
Thanks for the reply. The confusion I had was because of the following question. Let's say user1 has put a file into the encryption zone:

    hadoop fs -put /tmp/helloWorld.txt /tmp/user1zone1
    drwxr-xr-x - user1 supergroup 0 2016-02-10 02:42 /tmp/user1zone1

Now let's say user2 executes the following command:

    hadoop fs -cat /tmp/user1zone1/helloWorld.txt

No matter which user I use to read the content, I am able to read the content of the file. Should user2 be able to see the original text contents?
01-30-2016
04:51 AM
I am new to HDFS Transparent encryption feature.
I am using Cloudera CDH 5.4.9 and trying to use HDFS encryption in the following manner.

    # I am using Java KeyStore and configured KMS service and integrated HDFS to use this Java KMS
    # Create two users
    useradd -m user1
    passwd user1
    useradd -m user2
    passwd user2

    # As user1, perform the following operations
    # Create key and create user1 encryption zone
    # Link user1 zone to created key
    su user1
    hadoop key create user1key1
    hadoop fs -mkdir /tmp/user1zone1
    su hdfs
    hdfs crypto -createZone -keyName user1key1 -path /tmp/user1zone1

    # Verify zone is created
    hdfs crypto -listZones

    # Create file with user1 credentials and put into user1 encryption zone
    echo "Hello World" > /tmp/helloWorld.txt
    hadoop fs -put /tmp/helloWorld.txt /tmp/user1zone1
    hadoop fs -cat /tmp/user1zone1/helloWorld.txt
    Hello World

    # Verify if file is encrypted
    su hdfs
    hadoop fs -cat /.reserved/raw/tmp/zone1/helloWorld.txt
    T▒▒6▒5▒▒7̼[

    # Now log in as another user
    su user2
    hadoop fs -cat /tmp/user1zone1/helloWorld.txt
    Hello World

If the encryption zone was created by user1, then how is another user, user2, able to view the encrypted data? I might be missing something very basic here. Can anyone shed some light on this?
Labels: HDFS
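
The posts above show user2 reading a file in user1's zone: HDFS permissions decide who may open the file, while KMS key ACLs decide who may have its data key decrypted. As an added example (not from the original posts or from Cloudera's own configuration), this kms-acls.xml fragment restricts decryption with user1key1 to user1; it assumes the cluster is running with a permissive default key ACL and has no whitelist key ACL that covers user2.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- kms-acls.xml: constructed example; key and user names are the ones used in the post -->
<configuration>

  <!-- Permissive catch-all, assumed to be what the cluster currently runs with.
       Any authenticated user may ask the KMS to decrypt the encrypted data key
       (EDEK) of a file under any key that has no ACL of its own. With the zone
       directory at drwxr-xr-x, user2 passes the HDFS permission check and then
       passes this check too, so the client library returns plaintext. -->
  <property>
    <name>default.key.acl.DECRYPT_EEK</name>
    <value>*</value>
  </property>

  <!-- Per-key ACL for user1key1. When a key has its own ACL for an operation,
       the default above is no longer consulted for that key, so only user1
       can obtain decrypted data keys for files in /tmp/user1zone1. -->
  <property>
    <name>key.acl.user1key1.DECRYPT_EEK</name>
    <value>user1</value>
  </property>

  <!-- Keep the HDFS superuser away from key material: hdfs can still read the
       ciphertext through /.reserved/raw but cannot get the keys decrypted. -->
  <property>
    <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
    <value>hdfs</value>
  </property>

</configuration>
```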