hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cnaur...@apache.org
Subject [3/3] hadoop git commit: HDFS-9552. Document types of permission checks performed for HDFS operations. Contributed by Chris Nauroth.
Date Thu, 17 Dec 2015 18:44:27 GMT
HDFS-9552. Document types of permission checks performed for HDFS operations. Contributed by
Chris Nauroth.

(cherry picked from commit 724e71f63b35695482642ed7aedacd70d08e6cb1)
(cherry picked from commit 940026fc6b2682a3b62d3e33ba977f5ae6375fbf)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/7cc11b22
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/7cc11b22
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/7cc11b22

Branch: refs/heads/branch-2.8
Commit: 7cc11b22dd465b5ecae4eab07df6308b933be758
Parents: 12df736
Author: cnauroth <cnauroth@apache.org>
Authored: Thu Dec 17 10:43:48 2015 -0800
Committer: cnauroth <cnauroth@apache.org>
Committed: Thu Dec 17 10:44:00 2015 -0800

----------------------------------------------------------------------
 hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt     |  3 +
 .../src/site/markdown/HdfsPermissionsGuide.md   | 58 ++++++++++++++++++++
 2 files changed, 61 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/7cc11b22/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index b02a4ae..9af1271 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -862,6 +862,9 @@ Release 2.8.0 - UNRELEASED
     HDFS-9557. Reduce object allocation in PB conversion
     (Daryn Sharp via cnauroth)
 
+    HDFS-9552. Document types of permission checks performed for HDFS
+    operations. (cnauroth)
+
   OPTIMIZATIONS
 
     HDFS-8026. Trace FSOutputSummer#writeChecksumChunks rather than

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7cc11b22/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md
index 450255e..8927b0f 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md
@@ -19,6 +19,7 @@ HDFS Permissions Guide
     * [Overview](#Overview)
     * [User Identity](#User_Identity)
     * [Group Mapping](#Group_Mapping)
+    * [Permission Checks](#Permission_Checks)
     * [Understanding the Implementation](#Understanding_the_Implementation)
     * [Changes to the File System API](#Changes_to_the_File_System_API)
     * [Changes to the Application Shell](#Changes_to_the_Application_Shell)
@@ -81,6 +82,63 @@ For HDFS, the mapping of users to groups is performed on the NameNode.
Thus, the
 
 Note that HDFS stores the user and group of a file or directory as strings; there is no conversion
from user and group identity numbers as is conventional in Unix.
 
+Permission Checks
+-----------------
+
+Each HDFS operation demands that the user has specific permissions (some combination of READ,
WRITE and EXECUTE), granted through file ownership, group membership or the other permissions.
 An operation may perform permission checks at multiple components of the path, not only the
final component.  Additionally, some operations depend on a check of the owner of a path.
+
+All operations require traversal access.  Traversal access demands the EXECUTE permission
on all existing components of the path, except for the final path component.  For example,
for any operation accessing `/foo/bar/baz`, the caller must have EXECUTE permission on `/`,
`/foo` and `/foo/bar`.
+
+The following table describes the permission checks performed by HDFS for each component
of the path.
+
+* **Ownership:** Whether or not to check if the caller is the owner of the path.  Typically,
operations that change the ownership or permission metadata demand that the caller is the
owner.
+* **Parent:** The parent directory of the requested path.  For example, for the path `/foo/bar/baz`,
the parent is `/foo/bar`.
+* **Ancestor:** The last **existing** component of the requested path.  For example, for
the path `/foo/bar/baz`, the ancestor path is `/foo/bar` if `/foo/bar` exists.  The ancestor
path is `/foo` if `/foo` exists but `/foo/bar` does not exist.
+* **Final:** The final component of the requested path.  For example, for the path `/foo/bar/baz`,
the final path component is `/foo/bar/baz`.
+* **Sub-tree:** For a path that is a directory, the directory itself and all of its child
sub-directories, recursively.  For example, for the path `/foo/bar/baz`, which has 2 sub-directories
named `buz` and `boo`, the sub-tree is `/foo/bar/baz`, `/foo/bar/baz/buz` and `/foo/bar/baz/boo`.
+
+Operation             | Ownership | Parent          | Ancestor            | Final       
                       | Sub-tree
+--------------------- | --------- | --------------  | ------------------- | -----------------------------------
| --------
+append                | NO        | N/A             | N/A                 | WRITE       
                       | N/A
+concat                | NO [2]    | WRITE (sources) | N/A                 | READ (sources),
WRITE (destination) | N/A
+create                | NO        | N/A             | WRITE               | WRITE [1]   
                       | N/A
+createSnapshot        | YES       | N/A             | N/A                 | N/A         
                       | N/A
+delete                | NO [2]    | WRITE           | N/A                 | N/A         
                       | READ, WRITE, EXECUTE
+deleteSnapshot        | YES       | N/A             | N/A                 | N/A         
                       | N/A
+getAclStatus          | NO        | N/A             | N/A                 | N/A         
                       | N/A
+getBlockLocations     | NO        | N/A             | N/A                 | READ        
                       | N/A
+getContentSummary     | NO        | N/A             | N/A                 | N/A         
                       | READ, EXECUTE
+getFileInfo           | NO        | N/A             | N/A                 | N/A         
                       | N/A
+getFileLinkInfo       | NO        | N/A             | N/A                 | N/A         
                       | N/A
+getLinkTarget         | NO        | N/A             | N/A                 | N/A         
                       | N/A
+getListing            | NO        | N/A             | N/A                 | READ, EXECUTE
                      | N/A
+getSnapshotDiffReport | NO        | N/A             | N/A                 | READ        
                       | READ
+getStoragePolicy      | NO        | N/A             | N/A                 | READ        
                       | N/A
+getXAttrs             | NO        | N/A             | N/A                 | READ        
                       | N/A
+listXAttrs            | NO        | EXECUTE         | N/A                 | N/A         
                       | N/A
+mkdirs                | NO        | N/A             | WRITE               | N/A         
                       | N/A
+modifyAclEntries      | YES       | N/A             | N/A                 | N/A         
                       | N/A
+removeAcl             | YES       | N/A             | N/A                 | N/A         
                       | N/A
+removeAclEntries      | YES       | N/A             | N/A                 | N/A         
                       | N/A
+removeDefaultAcl      | YES       | N/A             | N/A                 | N/A         
                       | N/A
+removeXAttr           | NO [2]    | N/A             | N/A                 | WRITE       
                       | N/A
+rename                | NO [2]    | WRITE (source)  | WRITE (destination) | N/A         
                       | N/A
+renameSnapshot        | YES       | N/A             | N/A                 | N/A         
                       | N/A
+setAcl                | YES       | N/A             | N/A                 | N/A         
                       | N/A
+setOwner              | YES [3]   | N/A             | N/A                 | N/A         
                       | N/A
+setPermission         | YES       | N/A             | N/A                 | N/A         
                       | N/A
+setReplication        | NO        | N/A             | N/A                 | WRITE       
                       | N/A
+setStoragePolicy      | NO        | N/A             | N/A                 | WRITE       
                       | N/A
+setTimes              | NO        | N/A             | N/A                 | WRITE       
                       | N/A
+setXAttr              | NO [2]    | N/A             | N/A                 | WRITE       
                       | N/A
+truncate              | NO        | N/A             | N/A                 | WRITE       
                       | N/A
+
+[1] WRITE access on the final path component during `create` is only required if the call
uses the overwrite option and there is an existing file at the path.
+
+[2] Any operation that checks WRITE permission on the parent directory also checks ownership
if the [sticky bit](#Overview) is set.
+
+[3] Calling `setOwner` to change the user that owns a file requires [HDFS super-user](#The_Super-User)
access.  HDFS super-user access is not required to change the group, but the caller must be
a member of the specified group.
+
 Understanding the Implementation
 --------------------------------
 


Mime
View raw message