Allen,

Unlike you, I am no Unix veteran.

However, having used Hadoop briefly I observed this anomaly.
Yes, as you have highlighted, this is not applicable to non-Linux platforms.

Hadoop's security layer can be made to re-use SELINUX's policies through a remote policy server, to ease the application of policies from a centralised policy server.
Further, Hadoop can be made to re-use the role-based access controls provided by SELINUX.
In addition, Hadoop daemons can be subjected to the fine-grained access policies of SELINUX to use the Linux server's resources.

Regards
Madhan Sundararajan Devaki

Tata Consultancy Services Limited
415/21-24, Kumaran Nagar,
Sholinganallur,
Old Mahabalipuram,
Chennai - 600 119, Tamil Nadu
India
Cell:- +91-9840141129
Mailto: madhan.sundarara...@tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Consulting
____________________________________________

From: Allen Wittenauer <a...@altiscale.com>
To: common-dev@hadoop.apache.org
Date: 03/26/2015 06:51 PM
Subject: Re: Hadoop Common: Why not re-use the Security model offered by SELINUX?

How would you propose we use SELinux features to support security, especially in a distributed manner where clients might be under different administrative controls? What about the non-Linux platforms that Hadoop runs on?

On Mar 26, 2015, at 3:46 AM, Madhan Sundararajan <madhan.sundarara...@tcs.com> wrote:

> Team,
>
> SELINUX was introduced to bring in a robust security management in Linux
> OS.
>
> In all distributions of Hadoop (Cloudera/Hortonworks/...) one of the
> pre-installation checklist items is to disable SELINUX in all the nodes of
> the cluster.
>
> Why not re-use the security model offered by SELINUX setting instead of
> re-inventing from scratch through Sentry/Knox/etc...?