hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fengdong Yu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4918) HDFS permission check is incorrect
Date Wed, 19 Jun 2013 05:18:20 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4918?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13687620#comment-13687620

Fengdong Yu commented on HDFS-4918:

I see this problem from trunk.

HDFS operation works well, but when submit MR, I always get the following:
ERROR security.UserGroupInformation: PriviledgedActionException as:root (auth:SIMPLE) cause:java.io.IOException:
The ownership/permissions on the staging directory hdfs://webdm-cluster/data/hadoop/data/mapred/staging/root/.staging
is not as expected. It is owned by root and permissions are rwxr-xr-x. The directory must
be owned by the submitter root or by root and permissions must be rwx------


chown and chmod cannot solve the problem.

so I read the code again. and get the following:

 void checkPermission(String path, INodeDirectory root, boolean doCheckOwner,
      FsAction ancestorAccess, FsAction parentAccess, FsAction access,
      FsAction subAccess, boolean resolveLink)
   final Snapshot snapshot = inodesInPath.getPathSnapshot();

  /** Guarded by {@link FSNamesystem#readLock()} */
  private void check(INode inode, Snapshot snapshot, FsAction access
      ) throws AccessControlException {
    if (inode == null) {
    FsPermission mode = inode.getFsPermission(snapshot);

    if (user.equals(inode.getUserName(snapshot))) { //user class
      if (mode.getUserAction().implies(access)) { return; }
    else if (groups.contains(inode.getGroupName(snapshot))) { //group class
      if (mode.getGroupAction().implies(access)) { return; }
    else { //other class
      if (mode.getOtherAction().implies(access)) { return; }
    throw new AccessControlException("Permission denied: user=" + user
        + ", access=" + access + ", inode=" + toAccessControlString(inode));

so , If snapshot is null, all permission check are all did by "other class".

> HDFS permission check is incorrect
> ----------------------------------
>                 Key: HDFS-4918
>                 URL: https://issues.apache.org/jira/browse/HDFS-4918
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: hdfs-client, namenode
>    Affects Versions: 2.0.0-alpha
>            Reporter: Fengdong Yu
> HDFS permisson check is incorrect, even if dfs.permissions is set false. it does look
like this was caused by snap shot.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message