- Threat ID
- Threat Date
- Threat Name
- User name to be used by the web server
- CVE Reference
- CCE Reference
- Database Type
- All versions of Hadoop
- The identity of the web server is a configuration parameter. The web server behaves as if it has the identity (user and groups) of a user chosen by the administrator. This should be authorized and audited by the system administrator.
- NameNode and DataNode each run an internal web server in order to display basic information about the current status of the cluster. The web interface can also be used to browse the file system.
The user account under which the web server is run is a configuration parameter. That is, the name node has no notion of the identity of the real user, but the web server behaves as if it has the identity (user and groups) of a user chosen by the administrator. Unless the chosen identity matches the superuser, parts of the name space may be inaccessible to the web server. If the specified account is superuser, any client will have access to anything published by the server, including the contents of the file system.
The parameter is named "dfs.web.ugi", located in hdfs-site.xml file. The default value for this parameter is "webuser,webgroup" meaning the web server will run under an account named "webuser" member of the group "webgroup". More than a group can be specified after the first group, separated by commas.
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.