hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Patrick McCabe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9929) Insufficient permissions for a path reported as file not found
Date Thu, 05 Sep 2013 01:46:52 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9929?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13758661#comment-13758661
] 

Colin Patrick McCabe commented on HADOOP-9929:
----------------------------------------------

Hi Dilli,

Neither the current (buggy) nor the fixed behavior allows users to list directories that they
shouldn't.  The question is whether an exception should be thrown, or the offending paths
should silently be left out of the glob.

Users are allowed to know that the inaccessible directory exists, because it exists in a directory
which they do have list access to.

For example if you had

{code}
/           with permission 0755
/secret     with permission 0700
/mundane    with permission 0777
{code}

The question is whether /* by an unprivileged user should throw an exception, or simply return
"/mundane".  The unprivileged user is allowed to know that /secret exists, since it is located
in a directory which he has list permission for, e.g. the root directory.
                
> Insufficient permissions for a path reported as file not found
> --------------------------------------------------------------
>
>                 Key: HADOOP-9929
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9929
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>    Affects Versions: 2.1.0-beta, 2.0.4-alpha
>            Reporter: Jason Lowe
>            Assignee: Colin Patrick McCabe
>         Attachments: HADOOP-9929.001.patch
>
>
> Using "hadoop fs -ls" to list a path where the permissions of a parent directory are
insufficient ends up reporting "no such file or directory" on the full path rather than reporting
the permission issue.  For example:
> {noformat}
> $ hadoop fs -ls /user/abc/tests/data
> ls: `/user/abc/tests/data': No such file or directory
> $ hadoop fs -ls /user/abc
> ls: Permission denied: user=somebody, access=READ_EXECUTE, inode="/user/abc":abc:hdfs:drwx------
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message