- Threat ID
- Threat Date
- Threat Name
- DFS superuser group
- CVE Reference
- CCE Reference
- Database Type
- All versions of Hadoop
- Hadoop allows the definition of a special 'superuser group': members of this group will be considered superusers. This setting should be authorized and audited by the system administrator.
- Hadoop DFS has the concept of superuser: an account for which permissions never fail, allowed to perform any action. The superuser is the user with the same identity as name node process itself.
The administrator may also specify a distinguished group using a configuration parameter in hdfs-site.xml file. If set, members of this group are also superusers. Until Hadoop version 2.0, this configuration parameter is named "dfs.permissions.supergroup"; since v2.0, it is named "dfs.permissions.superusergroup".
This parameter accepts only one group name.
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.