- Threat ID
- Threat Date
- Threat Name
- HDFS permissions disabled
- CVE Reference
- CCE Reference
- Database Type
- Improper Access Controls
- All versions of Hadoop
- HDFS has a permissions model for files and directories that is enabled by default and should be kept enabled.
- The Hadoop Distributed File System (HDFS) implements a permissions model for files and directories that shares much of the POSIX model: each file and directory is associated with an owner and a group. The file or directory has separate permissions for the user that is the owner, for other users that are members of the group, and for all other users. There are three types of permission: the read permission (r), the write permission (w), and the execute permission (x). The read permission is required to read files or list the contents of a directory. The write permission is required to write a file, or for a directory, to create or delete files or directories in it. The execute permission is ignored for a file because you can't execute a file on HDFS (unlike POSIX), and for a directory this permission is required to access its children.
When permissions checking is enabled, the owner permissions are checked if the client's username matches the owner, and the group permissions are checked if the client is a member of the group; otherwise, the other permissions are checked.
Permissions are enabled by default.
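One way to check an hdfs-site.xml for this condition, as an added example that is not part of the original entry or of any vendor fix script. It assumes the setting is controlled by the `dfs.permissions.enabled` property (or the deprecated `dfs.permissions` key), and the sample configurations are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Current property name and its deprecated predecessor (assumed to be the
# keys that control HDFS permission checking on the cluster being audited).
PERMISSION_KEYS = ("dfs.permissions.enabled", "dfs.permissions")

# Constructed sample: a config that switches permission checking off.
SAMPLE_DISABLED = """<configuration>
  <property><name>dfs.replication</name><value>3</value></property>
  <property><name>dfs.permissions.enabled</name><value>false</value></property>
</configuration>"""

# Constructed sample: the property is absent, so the default (enabled) applies.
SAMPLE_DEFAULT = """<configuration>
  <property><name>dfs.replication</name><value>3</value></property>
</configuration>"""


def audit_hdfs_permissions(xml_text):
    """Return a list of (key, value, verdict) for every non-compliant setting."""
    findings = []
    for prop in ET.fromstring(xml_text).iter("property"):
        key = (prop.findtext("name") or "").strip()
        if key not in PERMISSION_KEYS:
            continue
        value = (prop.findtext("value") or "").strip().lower()
        if value == "false":
            findings.append((key, value, "DISABLED"))
        elif value != "true":
            # Empty, misspelled or templated value: flag for manual review.
            findings.append((key, value, "REVIEW"))
    return findings


def permissions_enabled(xml_text):
    """True unless any definition explicitly disables permission checking."""
    # Conservative choice: one explicit "false" anywhere in the file fails the audit.
    return not any(v == "DISABLED" for _, _, v in audit_hdfs_permissions(xml_text))


if __name__ == "__main__":
    for label, doc in (("disabled", SAMPLE_DISABLED), ("default", SAMPLE_DEFAULT)):
        print(label, permissions_enabled(doc), audit_hdfs_permissions(doc))
```

A `REVIEW` verdict does not by itself mean permissions are off; it marks a value that should be resolved by hand before the file is considered compliant.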
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.