hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Chansler (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-2514) Trash and permissions don't mix
Date Sat, 05 Jan 2008 01:02:35 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-2514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12556147#action_12556147
] 

Robert Chansler commented on HADOOP-2514:
-----------------------------------------

I agree with Sanjay that we my be close to consensus. But I'd like to suggest that we're trying
too hard in support of a couple of details.
1. Users without a home directory: Why bother with a public trash can that just reintroduces
some of the problems we'd like to eliminate. If mv fails, just do rm right now.
2. ~/trash vs /trash/user: We seem to be trading a dubious optimization (not having the compactor
read one directory) for additional administrative complexity.
3. Most files are (I suppose!) deleted programmatically. Is there any need for shell rm to
be more efficient than an application program?

On a more philosophical note, if I can mv something to a hidden (inaccessible) location, why
shouldn't I be able to rm the whole thing regardless of interior permissions? (Absent links.)

> Trash and permissions don't mix
> -------------------------------
>
>                 Key: HADOOP-2514
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2514
>             Project: Hadoop
>          Issue Type: New Feature
>          Components: dfs
>    Affects Versions: 0.16.0
>            Reporter: Robert Chansler
>             Fix For: 0.16.0
>
>
> Shell command "rm" is really "mv" to trash with the expectation that the server will
at some point really delete the contents of trash. With the advent of permissions, a user
can "mv" folders that the user cannot "rm". The present trash feature as implemented would
allow the user to suborn the server into deleting a folder in violation of the permissions
model.
> A related issue is that if anybody can mv a folder to the trash anybody else can mv that
same folder from the trash. This may be contrary to the expectations of the user.
> What is a better model for trash?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message