hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Varada Hemeswari (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14768) Honoring sticky bit during Deletion when authorization is enabled in WASB
Date Thu, 21 Sep 2017 17:24:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16175142#comment-16175142
] 

Varada Hemeswari commented on HADOOP-14768:
-------------------------------------------

[~tmarq], I agree to the risk of performance and functionality. 

We are already considering sticky bit only if authorization is enabled. So I think adding
another flag is unnecesary. Please note that the changes not only add sticky bit but also
change semantics of delete when authorization is enabled.( introducing partial delete whereas
previously failure of single auth check used to halt entire delete).These required the changes
you pointed out, that may actually cause performance to regress. So seperate flag for stickybit
may not be that useful.

I can make changes such that if authorization is not enabled, delete will continue along the
previous legacy path or else the new changes will take effect. Let me know if this works.

> Honoring sticky bit during Deletion when authorization is enabled in WASB
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-14768
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14768
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>            Reporter: Varada Hemeswari
>            Assignee: Varada Hemeswari
>              Labels: fs, secure, wasb
>         Attachments: HADOOP-14768.001.patch, HADOOP-14768.002.patch, HADOOP-14768.003.patch,
HADOOP-14768.003.patch, HADOOP-14768.004.patch, HADOOP-14768.004.patch
>
>
> When authorization is enabled in WASB filesystem, there is a need for stickybit in cases
where multiple users can create files under a shared directory. This additional check for
sticky bit is reqired since any user can delete another user's file because the parent has
WRITE permission for all users.
> The purpose of this jira is to implement sticky bit equivalent for 'delete' call when
authorization is enabled.
> Note : Sticky bit implementation for 'Rename' operation is not done as part of this JIRA



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message