hadoop-common-dev mailing list archives

From "Hairong Kuang (JIRA)" <j...@apache.org>
Subject [jira] Issue Comment Edited: (HADOOP-2514) Trash and permissions don't mix
Date Fri, 04 Jan 2008 16:46:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-2514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12555751#action_12555751 ]

hairong edited comment on HADOOP-2514 at 1/4/08 8:45 AM:
---------------------------------------------------------------

> No, it's a rename.

If we treat trashing as a rename, it is possible to move user B's files into user A's trash
can. For example, there is a world-wide rwx directory called /user/A/shared owned by user A,
under which user B creates a file dirB/fileB with permission 755. User A trashing /user/A/shared
will move file fileB to its trash can. Is this acceptable? How does fileB get removed from
the trash can? On the other hand, removing the same directory from a program is denied because
of the permission violation. Is this permission semantics difference acceptable?

was (Author: hairong):

> No, it's a rename.

If we treat trashing as a rename, it is possible to move user B's files into user A's trash
can. For example, there is a world-wide rwx directory called /user/A/shared owned by user A,
under which user A creates a file XX. User A trashing /user/A/shared will move file XX to
its trash can. Is this acceptable? How does file XX get removed from the trash can? On the
other hand, removing the same directory from a program is denied because of the permission
violation. Is this permission semantics difference acceptable?
  
> Trash and permissions don't mix
> -------------------------------
>
>                 Key: HADOOP-2514
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2514
>             Project: Hadoop
>          Issue Type: New Feature
>          Components: dfs
>    Affects Versions: 0.16.0
>            Reporter: Robert Chansler
>             Fix For: 0.16.0
>
>
> Shell command "rm" is really "mv" to trash with the expectation that the server will
> at some point really delete the contents of trash. With the advent of permissions, a user
> can "mv" folders that the user cannot "rm". The present trash feature as implemented would
> allow the user to suborn the server into deleting a folder in violation of the permissions
> model.
> A related issue is that if anybody can mv a folder to the trash anybody else can mv that
> same folder from the trash. This may be contrary to the expectations of the user.
> What is a better model for trash?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
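
The rename-versus-delete gap raised in the comment, as an added example that is not part of the original message and not Hadoop code: a simplified POSIX-style model (owner and "other" write bits only; groups and execute bits are omitted) in which a rename edits only two directory listings while a recursive delete must edit every non-empty directory in the subtree. The `.Trash` location, the modes assumed for `dirB` and A's home directory, and all function names are assumptions made for illustration.

```python
# Simplified POSIX-style permission model (an assumption; not HDFS's implementation).
from dataclasses import dataclass, field

@dataclass
class Node:
    owner: str
    mode: int                                      # e.g. 0o755
    children: dict = field(default_factory=dict)   # stays empty for files
    is_dir: bool = True

def can_write(node, user):
    # The owner is checked against the owner bits, everyone else against "other".
    shift = 6 if user == node.owner else 0
    return bool((node.mode >> shift) & 0o2)

def lookup(root, path):
    node = root
    for part in path.strip("/").split("/"):
        node = node.children[part]
    return node

def parent_of(root, path):
    parent_path, _, name = path.rstrip("/").rpartition("/")
    return (lookup(root, parent_path) if parent_path else root), name

def can_rename(root, user, src, dst_dir):
    # A rename changes two listings only: the source's parent and the target directory.
    src_parent, _ = parent_of(root, src)
    return can_write(src_parent, user) and can_write(lookup(root, dst_dir), user)

def can_delete_recursive(root, user, path):
    # A recursive delete must also remove entries from every non-empty directory below.
    def removable(node):
        if not node.is_dir or not node.children:
            return True
        return can_write(node, user) and all(map(removable, node.children.values()))
    parent, name = parent_of(root, path)
    return can_write(parent, user) and removable(parent.children[name])

def build_example():
    # Constructed tree matching the comment: B creates dirB/fileB (755) under A's rwx "shared".
    dir_b = Node("B", 0o755, {"fileB": Node("B", 0o755, is_dir=False)})
    shared = Node("A", 0o777, {"dirB": dir_b})
    home_a = Node("A", 0o755, {"shared": shared, ".Trash": Node("A", 0o700)})
    return Node("root", 0o755, {"user": Node("root", 0o755, {"A": home_a})})

if __name__ == "__main__":
    root = build_example()
    print("A may trash (rename):", can_rename(root, "A", "/user/A/shared", "/user/A/.Trash"))
    print("A may delete directly:", can_delete_recursive(root, "A", "/user/A/shared"))
```

In this model, once `shared` sits in A's mode-700 trash directory, only a deleter that bypasses the per-directory check can remove `dirB/fileB`, which is the server-side deletion the issue description objects to.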

