hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brandon Li (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6488) HDFS superuser unable to access user's Trash files using NFSv3 mount
Date Thu, 26 Feb 2015 23:47:05 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14339423#comment-14339423
] 

Brandon Li commented on HDFS-6488:
----------------------------------

With non-secure cluster, NFS gateway is stared by the proxy user. For secure HDFS cluster,
NFS gateway can be started by anyone as long as the user can access the kerberos keytab to
register as the proxy user. 
Maybe I missed something, but I don't recall any access to NN/DN requires superuser privilege
in the gateway. In hadoop1, we did have some NN rpc (getDiskStatus?) requires superuser privilege.







> HDFS superuser unable to access user's Trash files using NFSv3 mount
> --------------------------------------------------------------------
>
>                 Key: HDFS-6488
>                 URL: https://issues.apache.org/jira/browse/HDFS-6488
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: nfs
>    Affects Versions: 2.3.0
>            Reporter: Stephen Chu
>
> As hdfs superuseruser on the NFS mount, I cannot cd or ls the /user/schu/.Trash directory:
> {code}
> bash-4.1$ cd .Trash/
> bash: cd: .Trash/: Permission denied
> bash-4.1$ ls -la
> total 2
> drwxr-xr-x 4 schu 2584148964 128 Jan  7 10:42 .
> drwxr-xr-x 4 hdfs 2584148964 128 Jan  6 16:59 ..
> drwx------ 2 schu 2584148964  64 Jan  7 10:45 .Trash
> drwxr-xr-x 2 hdfs hdfs        64 Jan  7 10:42 tt
> bash-4.1$ ls .Trash
> ls: cannot open directory .Trash: Permission denied
> bash-4.1$
> {code}
> When using FsShell as hdfs superuser, I have superuser permissions to schu's .Trash contents:
> {code}
> bash-4.1$ hdfs dfs -ls -R /user/schu/.Trash
> drwx------   - schu supergroup          0 2014-01-07 10:48 /user/schu/.Trash/Current
> drwx------   - schu supergroup          0 2014-01-07 10:48 /user/schu/.Trash/Current/user
> drwx------   - schu supergroup          0 2014-01-07 10:48 /user/schu/.Trash/Current/user/schu
> -rw-r--r--   1 schu supergroup          4 2014-01-07 10:48 /user/schu/.Trash/Current/user/schu/tf1
> {code}
> The NFSv3 logs don't produce any error when superuser tries to access schu Trash contents.
However, for other permission errors (e.g. schu tries to delete a directory owned by hdfs),
there will be a permission error in the logs.
> I think this is not specific to the .Trash directory perhaps.
> I created a /user/schu/dir1 which has the same permissions as .Trash (700). When I try
cd'ing into the directory from the NFSv3 mount as hdfs superuser, I get the same permission
denied.
> {code}
> [schu@hdfs-nfs ~]$ hdfs dfs -ls
> Found 4 items
> drwx------   - schu supergroup          0 2014-01-07 10:57 .Trash
> drwx------   - schu supergroup          0 2014-01-07 11:05 dir1
> -rw-r--r--   1 schu supergroup          4 2014-01-07 11:05 tf1
> drwxr-xr-x   - hdfs hdfs                0 2014-01-07 10:42 tt
> bash-4.1$ whoami
> hdfs
> bash-4.1$ pwd
> /hdfs_nfs_mount/user/schu
> bash-4.1$ cd dir1
> bash: cd: dir1: Permission denied
> bash-4.1$
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message