hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uma Maheswara Rao G (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-6556) Refine XAttr permissions
Date Tue, 24 Jun 2014 17:33:26 GMT

     [ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Uma Maheswara Rao G updated HDFS-6556:
--------------------------------------

    Attachment: refinedPermissions-HDFS-6556-2.patch

Thanks a lot Yi for the review. Initially why I changed that permissionChecker to initialize
only on enabling isEnablePermissions is, trusted also should check super user only on enabling
permissions. But Now I realized that Trusted.* is depending on kind of user and user.* is
depending on file permissions. So, as isEnablePermissions flag is for file permissions, user.*
only should care about it but not trusted.*. I modified it to older code. For second comment,
as we wanted to show the xattr info in message, lets keep the xattr included message.

> Refine XAttr permissions
> ------------------------
>
>                 Key: HDFS-6556
>                 URL: https://issues.apache.org/jira/browse/HDFS-6556
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.5.0
>            Reporter: Yi Liu
>            Assignee: Uma Maheswara Rao G
>         Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch,
refinedPermissions-HDFS-6556-2.patch
>
>
> After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}}
namespace xattrs.
> *1.* For {{user}} namespace xattrs, In HDFS-6374, says "setXAttr should require the user
to be the owner of the file or directory", we have a bit misunderstanding. It actually is:
> {quote}
> The access permissions for user attributes are defined by the file permission bits. only
regular files and directories can have extended attributes. For sticky directories, only the
owner and privileged user can write attributes.
> {quote}
> We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35

> I also check in linux, it's controlled by the file permission bits for regular files
and directories (not sticky).
> *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser.
Actually superuser is enough. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message