hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colin McCabe <cmcc...@alumni.cmu.edu>
Subject Re: Symbolic links disablement
Date Thu, 01 Jan 2015 00:12:07 GMT
As far as I know, nobody is working on this at the moment.  There are
a lot of issues that would need to be worked through before we could
enable symlinks in production.

We never quite agreed on the semantics of how symlinks should work...
for example, some people advocated that listing a directory should
list the resolved names of all symlinks in it, while others argued
that this would impose too great a performance load on clients listing
directories with symlinks.  Similarly, some people argued that
cross-filesystem symlinks should be banned, partly because they can't
be optimized very effectively.

Then there were a bunch of security issues.  Basically any
higher-level software that is relying on path-based access will have
problems with symlinks.  For example, Hive assumes that if you limit a
user's access to just things under /home/username, then you have
effectively sandboxed that person.  But if you can create a symlink
from /home/username/foo to /foo, then you've effectively broken out of
Hive's sandbox.  Since Hive often runs with elevated permissions, and
is willing access files under /home/username with those permissions,
this would be disastrous.  Hive is just one example, of course...
basically we'd have to audit all software using HDFS for this kind of
problem before enabling symlinks.

You can see a list of all these issues and more at:


On Thu, Dec 25, 2014 at 12:30 PM, Ananth Gundabattula
<agundabattula@gmail.com> wrote:
> Hello All,
> Happy holidays.
> I was wondering if Symbolic links would be re-enabled anytime in the near
> future ? https://issues.apache.org/jira/browse/HADOOP-10020
> I am using CDH VM and the moment I try to use the
> FileContext.createSymlink() I get an error stating " Symbolic links not
> supported" message ( UnsupportedOperationException ). The release notes
> from CDH states that HADOOP-10020 is currently in the binary release.
> Is there any expected time line for this feature to be put back into the
> main trunk ? If it is already, could anyone point me to the hadoop release
> that the symbolic link has been reenabled ?
> Thanks for your time.
> Regards,
> Ananth

View raw message