hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weiwei Yang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7064) FsShell does not properly check permissions of files in a directory when doing rmr
Date Thu, 04 Aug 2016 09:21:20 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15407466#comment-15407466

Weiwei Yang commented on HADOOP-7064:

Agree with [~alangates], this is the same issue reported in HDFS-8312, we should get this
fixed. Otherwise HDFS opens security hole that allows user to delete other user's file. I
have commented more in [here | https://issues.apache.org/jira/browse/HDFS-8312?focusedCommentId=15407456&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15407456],
and a propose to fix this, not in code level, but I am going to work on it shortly. Let me
know if it makes sense.

> FsShell does not properly check permissions of files in a directory when doing rmr
> ----------------------------------------------------------------------------------
>                 Key: HADOOP-7064
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7064
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>    Affects Versions: 0.20.2
>            Reporter: Alan Gates
> In POSIX file semantics, the ability to remove an entry a file is determined by whether
the user has write permissions on the directory containing the file.  However, to delete recursively
(rm -r) the user must have write permissions in all directories being removed.  Thus if you
have a directory structure like /a/b/c and a user has write permissions on a but not on b,
then he is not allowed to do 'rm -r b'.  This is because he does not have permissions to remove
c, so the rm of b fails, even though he has permission to remove b.
> However, 'hadoop fs -rmr b' removes both b and c in this case.  It should instead fail
and return an error message saying the user does not have permission to remove c.  'hadoop
fs -rmr c' correctly fails.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message