hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Patrick McCabe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11321) copyToLocal cannot save a file to an SMB share unless the user has Full Control permissions.
Date Tue, 09 Dec 2014 01:36:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14238819#comment-14238819
] 

Colin Patrick McCabe commented on HADOOP-11321:
-----------------------------------------------

Awesome.  Let me know if you want help on the fchmod thing... we could split this JIRA into
one for Windows and one for Linux.  Or maybe it makes sense to keep it all here, and just
do it for both platforms in this patch?

I reviewed HADOOP-11349, which is a small fix for just the FD leak (good find)

> copyToLocal cannot save a file to an SMB share unless the user has Full Control permissions.
> --------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11321
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11321
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>    Affects Versions: 2.6.0
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HADOOP-11321.1.patch, HADOOP-11321.2.patch, winutils.tmp.patch
>
>
> In Hadoop 2, it is impossible to use {{copyToLocal}} to copy a file from HDFS to a destination
on an SMB share.  This is because in Hadoop 2, the {{copyToLocal}} maps to 2 underlying {{RawLocalFileSystem}}
operations: {{create}} and {{setPermission}}.  On an SMB share, the user may be authorized
for the {{create}} but denied for the {{setPermission}}.  Windows denies the {{WRITE_DAC}}
right required by {{setPermission}} unless the user has Full Control permissions.  Granting
Full Control isn't feasible for most deployments, because it's insecure.  This is a regression
from Hadoop 1, where {{copyToLocal}} only did a {{create}} and didn't do a separate {{setPermission}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message