hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tsz Wo (Nicholas), SZE (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HADOOP-4268) Permission checking in fsck
Date Mon, 05 Jan 2009 22:19:44 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-4268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Tsz Wo (Nicholas), SZE updated HADOOP-4268:
-------------------------------------------

    Fix Version/s: 0.21.0
         Assignee: Tsz Wo (Nicholas), SZE
     Release Note: Add permission checking on fsck.  Before the changes, fsck invokes NameNode
internal methods directly.  So that any user can run fsck on any path, even for the path they
do not have permission to access the files.  After the changes, fsck invokes the ClientProtocol
methods.  Then the corresponding permission requirement for running the ClientProtocol methods
will be enforced.
     Hadoop Flags: [Incompatible change, Reviewed]
           Status: Patch Available  (was: Open)

{noformat}
     [exec] +1 overall.  
     [exec] 
     [exec]     +1 @author.  The patch does not contain any @author tags.
     [exec] 
     [exec]     +1 tests included.  The patch appears to include 6 new or modified tests.
     [exec] 
     [exec]     +1 javadoc.  The javadoc tool did not generate any warning messages.
     [exec] 
     [exec]     +1 javac.  The applied patch does not increase the total number of javac compiler
warnings.
     [exec] 
     [exec]     +1 findbugs.  The patch does not introduce any new Findbugs warnings.
     [exec] 
     [exec]     +1 Eclipse classpath. The patch retains Eclipse classpath integrity.
{noformat}

> Permission checking in fsck
> ---------------------------
>
>                 Key: HADOOP-4268
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4268
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>    Affects Versions: 0.17.2
>            Reporter: Koji Noguchi
>            Assignee: Tsz Wo (Nicholas), SZE
>             Fix For: 0.21.0
>
>         Attachments: 4268_20081217.patch, 4268_20081218.patch, 4268_20081218b.patch,
4268_20081230.patch
>
>
> Quoting from HADOOP-3222 ("fsck should require superuser privilege"), 
> bq. I agree that it makes sense to make fsck do permission checking for the nodes that
it traverses. If a user does a fsck on files/directories that he/she has access to (using
permissions) then that invocation of fsck should be allowed. Since "/" is usually owned by
super-user, only super-user should be allowed to run fsck on "/".

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message