hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s29752-hadoopu...@yahoo.com
Subject Re: [some bugs] Re: file permission problem
Date Mon, 17 Mar 2008 18:56:06 GMT
Hi Stefan,

> any magic we can do with hadoop.dfs.umask?
dfs.umask is similar to Unix umask.

> Or is there any other off switch for the file security?
If dfs.permissions is set to false, then the security will be turned off.  

For the two questions above, see http://hadoop.apache.org/core/docs/r0.16.1/hdfs_permissions_guide.html
for more details

> I definitely can reproduce the problem Johannes describes ...
I guess you are using the nightly builds which having the bug.  Please try 0.16.1 release
or current trunk.

> Beside of that I had some interesting observations.
> If I have permissions to write to a folder A I can delete folder A and 
> file B that is inside of folder A even if I do have no permissions for B.
This is also true for POSIX or Unix, where Hadoop permission bases on.

> Also I noticed following in my dfs
> [hadoop@hadoop0 hadoop]$ bin/hadoop fs -ls /user/joa23/myApp-1205474968598
> Found 1 items
> /user/joa23/myApp-1205474968598/VOICE_CALL    <dir>        2008-03-13 16:00   
> rwxr-xr-x    hadoop    supergroup
> [hadoop@hadoop0 hadoop]$ bin/hadoop fs -ls /user/joa23/myApp-1205474968598/VOICE_CALL
> Found 1 items
> /user/joa23/myApp-1205474968598/VOICE_CALL/part-00000    <r 3>    27311   
> 2008-03-13 16:00    rw-r--r--    joa23    supergroup
> Do I miss something or was I able to write as user joa23 into a 
> folder owned by hadoop where I should have no permissions. :-O.
> Should I open some jira issues?
Suppose joa23 is not a superuser.  Then, no.

The output above only shows a file owned by joa23 exists in a directory owned hadoop.  This
can definitely be done by a sequence of commands with chmod/chown.

Suppose joa23 is not a superuser.  If joa23 can create a file, say by "hadoop fs -put ...",
under hadoop's directory with rwxr-xr-x, then it is a bug.  But I don't think we can do this.

Hope this helps.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message