hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yongjun Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-10276) HDFS should not expose path info that user has no permission to see.
Date Thu, 26 May 2016 19:13:12 GMT

     [ https://issues.apache.org/jira/browse/HDFS-10276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Yongjun Zhang updated HDFS-10276:
---------------------------------
    Description: 
Given you have a file {{/file}} an existence check for the path {{/file/whatever}} will give
different responses for different implementations of FileSystem.

LocalFileSystem will return false while DistributedFileSystem will throw {{org.apache.hadoop.security.AccessControlException:
Permission denied: ..., access=EXECUTE, ...}}

This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose information about a
path that user doesn't have permission to see. 

For example, if the user asks for /a/b/c, but does not have permission to list /a, we should
not complain about /a/b


  was:
Given you have a file {{/file}} an existence check for the path {{/file/whatever}} will give
different responses for different implementations of FileSystem.

LocalFileSystem will return false while DistributedFileSystem will throw {{org.apache.hadoop.security.AccessControlException:
Permission denied: ..., access=EXECUTE, ...}}

This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose information about a
path that a user doesn't have permission to see. 

For example, if the user asks for /a/b/c, but does not have permission to list /a, we should
not complain about /a/b



> HDFS should not expose path info that user has no permission to see.
> --------------------------------------------------------------------
>
>                 Key: HDFS-10276
>                 URL: https://issues.apache.org/jira/browse/HDFS-10276
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Kevin Cox
>            Assignee: Yuanbo Liu
>         Attachments: HDFS-10276.001.patch, HDFS-10276.002.patch, HDFS-10276.003.patch,
HDFS-10276.004.patch, HDFS-10276.005.patch, HDFS-10276.006.patch
>
>
> Given you have a file {{/file}} an existence check for the path {{/file/whatever}} will
give different responses for different implementations of FileSystem.
> LocalFileSystem will return false while DistributedFileSystem will throw {{org.apache.hadoop.security.AccessControlException:
Permission denied: ..., access=EXECUTE, ...}}
> This above issue is fixed by HDFS-5802. However, HDFS-5802 may expose information about
a path that user doesn't have permission to see. 
> For example, if the user asks for /a/b/c, but does not have permission to list /a, we
should not complain about /a/b



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message