- Threat ID
- Threat Date
- Threat Name
- HDFS cluster administrators
- CVE Reference
- CCE Reference
- Database Type
- Improper Access Controls
- All versions of Hadoop
- Property dfs.cluster.administrators defaine an ACL that defines users and groups that are granted HDFS cluster administration privileges. This list should be audited and maintained by the admin.
- The Hadoop Distributed File System (HDFS) implements a permissions model for files and directories that shares much of the POSIX model. Parameter dfs.permissions in file hdfs-site.xml determines if permissions are enforced (true) or not (false). Even if permissions are not enforced, the setting of dfs.cluster.administrators should be audited in case the permissions are switched on.
Property dfs.cluster.administrators in file hdfs-site.xml define a list of accounts and groups that are HDFS cluster administrators. These users have administration privileges and should be audited by the system admin.
Default value is undefined, which means there are no special privileged accounts/groups for HDFS cluster.
Property value is formatted as an ACL: a list of accounts and a list of groups, separated by a space. The special character "*" can be used to indicate all users.
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.