hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-5737) Replacing only the default ACL can fail to copy unspecified base entries from the access ACL.
Date Wed, 08 Jan 2014 18:36:51 GMT

     [ https://issues.apache.org/jira/browse/HDFS-5737?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Chris Nauroth updated HDFS-5737:
--------------------------------

    Attachment: HDFS-5673.1.patch

Here is a patch to fix the bug.
# The easiest way to fix this is to do another sort at the start of {{AclTransformation#copyDefaultsIfNeeded}}.
# This bug had been causing us to produce invalid default ACLs that are missing the base entries
(owner, group, other).  As an extra defense, I changed the validation logic so that it requires
the base entries for both access and default.  Previously, this was just enforced for access.
 To do this, I rewrote this portion of the logic to use the search approach, similar to what
people found more readable for {{AclTransformation#copyDefaultsIfNeeded}}.  In theory, the
checks on the default ACL should never fail, because we should always copy the missing required
entries from the access ACL.  However, if there is a bug, then it's better to bail earlier
instead of producing an invalid default ACL that gets used later.
# Added one more test in {{TestAclTransformation}}.  This test failed before I made the fix
in {{AclTransformation}}.

> Replacing only the default ACL can fail to copy unspecified base entries from the access
ACL.
> ---------------------------------------------------------------------------------------------
>
>                 Key: HDFS-5737
>                 URL: https://issues.apache.org/jira/browse/HDFS-5737
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HDFS-5737.1.patch
>
>
> The final round of changes in HDFS-5673 switched to a search approach instead of a scan
approach for finding base access entries that need to be copied to the default ACL.  However,
in the case of doing full replacement on the default ACL, the list may not be sorted properly
at this point in the code, causing the searches to miss the access entries.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message