hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weiwei Yang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-8312) Trash does not descent into child directories to check for permissions
Date Fri, 12 Aug 2016 08:52:20 GMT

    [ https://issues.apache.org/jira/browse/HDFS-8312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15418538#comment-15418538
] 

Weiwei Yang commented on HDFS-8312:
-----------------------------------

Attached a test case demonstrated this issue, see [^HDFS-8312-testcase.patch]. Also thinking
on how to fix it. There are generally two options 

1) Trash now calls {{FileSystem.rename}} to move file/dir to trash dir, so it only checks
rename permission. A fix is to add a new method to check if delete is permitted, expose that
from FileSystem API so we can check if user has permission to delete before rename in trash
code.

2) Improve {{Emptier}} code logic to let emptier run per user, so even user removes somebody
else stuff to trash, the emptier will still not be able to remove it because it's not permitted
by this user. This is better than delete ... 

I personal prefer option 1 because 2 looks like a partial fix, we should avoid user moving
things to trash if it is not allowed to at first place. 

Any suggestions ? Appreciate!

> Trash does not descent into child directories to check for permissions
> ----------------------------------------------------------------------
>
>                 Key: HDFS-8312
>                 URL: https://issues.apache.org/jira/browse/HDFS-8312
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: fs, security
>    Affects Versions: 2.2.0, 2.6.0, 2.7.2
>            Reporter: Eric Yang
>            Assignee: Weiwei Yang
>         Attachments: HDFS-8312-testcase.patch
>
>
> HDFS trash does not descent into child directory to check if user has permission to delete
files.  For example:
> Run the following command to initialize directory structure as super user:
> {code}
> hadoop fs -mkdir /BSS/level1
> hadoop fs -mkdir /BSS/level1/level2
> hadoop fs -mkdir /BSS/level1/level2/level3
> hadoop fs -put /tmp/appConfig.json /BSS/level1/level2/level3/testfile.txt
> hadoop fs -chown user1:users /BSS/level1/level2/level3/testfile.txt
> hadoop fs -chown -R user1:users /BSS/level1
> hadoop fs -chown -R 750 /BSS/level1
> hadoop fs -chmod -R 640 /BSS/level1/level2/level3/testfile.txt
> hadoop fs -chmod 775 /BSS
> {code}
> Change to a normal user called user2. 
> When trash is enabled:
> {code}
> sudo su user2 -
> hadoop fs -rm -r /BSS/level1
> 15/05/01 16:51:20 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion
interval = 3600 minutes, Emptier interval = 0 minutes.
> Moved: 'hdfs://bdvs323.svl.ibm.com:9000/BSS/level1' to trash at: hdfs://bdvs323.svl.ibm.com:9000/user/user2/.Trash/Current
> {code}
> When trash is disabled:
> {code}
> /opt/ibm/biginsights/IHC/bin/hadoop fs -Dfs.trash.interval=0 -rm -r /BSS/level1
> 15/05/01 16:58:31 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion
interval = 0 minutes, Emptier interval = 0 minutes.
> rm: Permission denied: user=user2, access=ALL, inode="/BSS/level1":user1:users:drwxr-x---
> {code}
> There is inconsistency between trash behavior and delete behavior.  When trash is enabled,
files owned by user1 is deleted by user2.  It looks like trash does not recursively validate
if the child directory files can be removed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message