hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chuan Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9006) Winutils should keep Administrators privileges intact
Date Fri, 09 Nov 2012 06:20:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493762#comment-13493762
] 

Chuan Liu commented on HADOOP-9006:
-----------------------------------

>... avoid appending new data to the ACL objects on files/folders or we may end up filling
up the allowed space and then failing subsequent operations.

Yes. I think the code will avoid this by overwriting the old permission settings with new
permissions.
                
> Winutils should keep Administrators privileges intact
> -----------------------------------------------------
>
>                 Key: HADOOP-9006
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9006
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 1-win
>            Reporter: Chuan Liu
>            Assignee: Chuan Liu
>            Priority: Minor
>             Fix For: 1-win
>
>         Attachments: HADOOP-9006-branch-1-win.patch
>
>
> This issue was originally discovered by [~ivanmi]. Cite his words as follows.
> {quote}
> Current by design behavior is for winutils to ACL the folders only for the user passed
in thru chmod/chown. This causes some un-natural side effects in cases where Hadoop services
run in the context of a non-admin user. For example, Administrators on the box will no longer
be able to:
>  - delete files created in the context of Hadoop services (other users)
>  - check the size of the folder where HDFS blocks are stored
> {quote}
> In my opinion, it is natural for some special accounts on Windows to be able to access
all the folders, including Hadoop folders. This is similar to Linux in the way root users
on Linux can always access any directories regardless the permissions set the those directories.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message