hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-11321) copyToLocal cannot save a file to an SMB share unless the user has Full Control permissions.
Date Tue, 16 Dec 2014 21:35:15 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-11321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Chris Nauroth updated HADOOP-11321:
    Attachment: HADOOP-11321.008.patch

[~arpitagarwal] correctly pointed out an issue in the handling of the max length rule for
{{CreateDirectory}}.  If it must be possible to append an 8.3 file name, then we also need
room for an additional path separator, in case the original path didn't provide it.  In fact,
in our case, we expect not to have a trailing path separator, because it gets removed by {{java.io.File#getAbsolutePath}}.
 Here is patch v008, changing to {{MAX_PATH - 13}} instead of {{MAX_PATH - 12}}.  Thanks for
the good eye, Arpit.

> copyToLocal cannot save a file to an SMB share unless the user has Full Control permissions.
> --------------------------------------------------------------------------------------------
>                 Key: HADOOP-11321
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11321
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>    Affects Versions: 2.6.0
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HADOOP-11321.003.patch, HADOOP-11321.004.patch, HADOOP-11321.005.patch,
HADOOP-11321.006.patch, HADOOP-11321.007.patch, HADOOP-11321.008.patch, HADOOP-11321.1.patch,
HADOOP-11321.2.patch, winutils.tmp.patch
> In Hadoop 2, it is impossible to use {{copyToLocal}} to copy a file from HDFS to a destination
on an SMB share.  This is because in Hadoop 2, the {{copyToLocal}} maps to 2 underlying {{RawLocalFileSystem}}
operations: {{create}} and {{setPermission}}.  On an SMB share, the user may be authorized
for the {{create}} but denied for the {{setPermission}}.  Windows denies the {{WRITE_DAC}}
right required by {{setPermission}} unless the user has Full Control permissions.  Granting
Full Control isn't feasible for most deployments, because it's insecure.  This is a regression
from Hadoop 1, where {{copyToLocal}} only did a {{create}} and didn't do a separate {{setPermission}}.

This message was sent by Atlassian JIRA

View raw message