Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 03A9F1864D for ; Sat, 29 Aug 2015 02:32:47 +0000 (UTC) Received: (qmail 79988 invoked by uid 500); 29 Aug 2015 02:32:46 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 79932 invoked by uid 500); 29 Aug 2015 02:32:46 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 79915 invoked by uid 99); 29 Aug 2015 02:32:46 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 29 Aug 2015 02:32:46 +0000 Date: Sat, 29 Aug 2015 02:32:46 +0000 (UTC) From: "Arpit Agarwal (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HDFS-8983) NameNode support for protected directories MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-8983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arpit Agarwal updated HDFS-8983: -------------------------------- Attachment: HDFS-8983.04.patch Thanks [~jnp]! Addressed in .04 patch. Also updated {{FsDirectory#normalizePaths}} with more checks. Delta chunks .03 to .04. {code} - checkProtectedDescendants(fsd, src.endsWith(Path.SEPARATOR) ? - src.substring(0, src.length() - 1) : src); + checkProtectedDescendants(fsd, fsd.normalizePath(src)); {code} {code} - // {@link Path#SEPARATOR} is "/". + // {@link Path#SEPARATOR} is "/" and '0' is the next ASCII + // character after '/'. {code} {code} - * Reserved paths are ignored. + * Reserved paths, relative paths and paths with scheme are ignored. {code} {code} - final Collection normalized = new ArrayList(paths.size()); - for (String path : paths) { - if (isReservedName(path)) { - LOG.error("{} ignoring reserved path {}", errorString, path); + final Collection normalized = new ArrayList<>(paths.size()); + for (String dir : paths) { + if (isReservedName(dir)) { + LOG.error("{} ignoring reserved path {}", errorString, dir); } else { - normalized.add(normalizePath(path)); + final Path path = new Path(dir); + if (!path.isAbsolute()) { + LOG.error("{} ignoring relative path {}", errorString, dir); + } else if (path.toUri().getScheme() != null) { + LOG.error("{} ignoring path {} with scheme", errorString, dir); + } else { + normalized.add(path.toString()); + } {code} And three new tests for the additional checks in {{normalizePaths}}. > NameNode support for protected directories > ------------------------------------------ > > Key: HDFS-8983 > URL: https://issues.apache.org/jira/browse/HDFS-8983 > Project: Hadoop HDFS > Issue Type: Improvement > Components: namenode > Affects Versions: 2.7.1 > Reporter: Arpit Agarwal > Assignee: Arpit Agarwal > Attachments: HDFS-8393.01.patch, HDFS-8393.02.patch, HDFS-8983.03.patch, HDFS-8983.04.patch > > > To protect important system directories from inadvertent deletion (e.g. /Users) the NameNode can allow marking directories as _protected_. Such directories cannot be deleted unless they are empty. -- This message was sent by Atlassian JIRA (v6.3.4#6332)