Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.17.2
    • Fix Version/s: 0.21.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Incompatible change, Reviewed
    • Release Note:
      Fsck now checks permissions as directories are traversed. Any user can now use fsck, but information is provided only for directories the user has permission to read.

      Description

      Quoting from HADOOP-3222 ("fsck should require superuser privilege"),

      I agree that it makes sense to make fsck do permission checking for the nodes that it traverses. If a user does a fsck on files/directories that he/she has access to (using permissions) then that invocation of fsck should be allowed. Since "/" is usually owned by super-user, only super-user should be allowed to run fsck on "/".

      1. 4268_20081217.patch
        15 kB
        Tsz Wo Nicholas Sze
      2. 4268_20081218.patch
        18 kB
        Tsz Wo Nicholas Sze
      3. 4268_20081218b.patch
        26 kB
        Tsz Wo Nicholas Sze
      4. 4268_20081230.patch
        23 kB
        Tsz Wo Nicholas Sze
      5. HADOOP-4268-0_20.2.patch
        23 kB
        Jitendra Nath Pandey

        Issue Links

          Activity

          Gavin made changes -
          Link This issue depends upon HADOOP-4896 [ HADOOP-4896 ]
          Gavin made changes -
          Link This issue depends on HADOOP-4896 [ HADOOP-4896 ]
          Tom White made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Jitendra Nath Pandey made changes -
          Attachment HADOOP-4268-0_20.2.patch [ 12428975 ]
          Robert Chansler made changes -
          Release Note Add permission checking on fsck. Before the changes, fsck invokes NameNode internal methods directly. So that any user can run fsck on any path, even for the path they do not have permission to access the files. After the changes, fsck invokes the ClientProtocol methods. Then the corresponding permission requirement for running the ClientProtocol methods will be enforced. Fsck now checks permissions as directories are traversed. Any user can now use fsck, but information is provided only for directories the user has permission to read.
          Owen O'Malley made changes -
          Component/s dfs [ 12310710 ]
          Tsz Wo Nicholas Sze made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Hadoop Flags [Reviewed, Incompatible change] [Incompatible change, Reviewed]
          Resolution Fixed [ 1 ]
          Tsz Wo Nicholas Sze made changes -
          Fix Version/s 0.21.0 [ 12313563 ]
          Release Note Add permission checking on fsck. Before the changes, fsck invokes NameNode internal methods directly. So that any user can run fsck on any path, even for the path they do not have permission to access the files. After the changes, fsck invokes the ClientProtocol methods. Then the corresponding permission requirement for running the ClientProtocol methods will be enforced.
          Status Open [ 1 ] Patch Available [ 10002 ]
          Assignee Tsz Wo (Nicholas), SZE [ szetszwo ]
          Hadoop Flags [Incompatible change, Reviewed]
          Tsz Wo Nicholas Sze made changes -
          Attachment 4268_20081230.patch [ 12396928 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 4268_20081218b.patch [ 12396443 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 4268_20081218.patch [ 12396438 ]
          Tsz Wo Nicholas Sze made changes -
          Link This issue depends on HADOOP-4896 [ HADOOP-4896 ]
          Tsz Wo Nicholas Sze made changes -
          Attachment 4268_20081217.patch [ 12396370 ]
          Koji Noguchi made changes -
          Field Original Value New Value
          Link This issue is related to HADOOP-3222 [ HADOOP-3222 ]
          Koji Noguchi created issue -

            People

            • Assignee:
              Tsz Wo Nicholas Sze
              Reporter:
              Koji Noguchi
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development