hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10191) Missing executable permission on viewfs internal dirs
Date Thu, 20 Mar 2014 16:32:50 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13941913#comment-13941913

Chris Nauroth commented on HADOOP-10191:

[~jira.shegalov], the patch looks great.  I just have one question.

All HDFS symlinks have their permissions set to 777.  Conceptually, symlinks don't really
have permissions of their own.  Instead, permission enforcement checks are done using the
permissions of the symlink target.

For consistency, I'm wondering if we should change this patch so that viewfs internal dirs
are set to 555 (as you have already done) and the mount link is set to 777.  From what I understand,
this would still meet your needs for the YARN localizer.  What do you think?

> Missing executable permission on viewfs internal dirs
> -----------------------------------------------------
>                 Key: HADOOP-10191
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10191
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: viewfs
>            Reporter: Gera Shegalov
>            Priority: Blocker
>         Attachments: HADOOP-10191.v01.patch
> ViewFileSystem allows 1) unconditional listing of internal directories (mount points)
and 2) and changing work directories.
> 1) requires read permission
> 2) requires executable permission
> However, the hardcoded PERMISSION_RRR == 444 for FileStatus representing an internal
dir does not have executable bit set.
> This confuses YARN localizer for public resources on viewfs because it requires executable
permission for "other" on all of the ancestor directories of the resource. 
> {code}
> java.io.IOException: Resource viewfs:/pubcache/cache.txt is not publicly accessable and
as such cannot be part of the public cache.
>         at org.apache.hadoop.yarn.util.FSDownload.copy(FSDownload.java:182)
>         at org.apache.hadoop.yarn.util.FSDownload.access$000(FSDownload.java:51)
>         at org.apache.hadoop.yarn.util.FSDownload$1.run(FSDownload.java:279)
>         at org.apache.hadoop.yarn.util.FSDownload$1.run(FSDownload.java:277)
> {code}

This message was sent by Atlassian JIRA

View raw message