Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Fixed
-
0.16.0
-
None
-
None
Description
Shell command "rm" is really "mv" to trash with the expectation that the server will at some point really delete the contents of trash. With the advent of permissions, a user can "mv" folders that the user cannot "rm". The present trash feature as implemented would allow the user to suborn the server into deleting a folder in violation of the permissions model.
A related issue is that if anybody can mv a folder to the trash anybody else can mv that same folder from the trash. This may be contrary to the expectations of the user.
What is a better model for trash?
Attachments
Attachments
Issue Links
- is blocked by
-
HADOOP-2567 add FileSystem#getHomeDirectory() method
- Closed
- is related to
-
HADOOP-8598 Server-side Trash
- Open
- relates to
-
HDFS-8312 Trash does not descent into child directories to check for permissions
- Resolved