Hadoop Common
  1. Hadoop Common
  2. HADOOP-7064

FsShell does not properly check permissions of files in a directory when doing rmr

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 0.20.2
    • Fix Version/s: None
    • Component/s: fs
    • Labels:
      None

      Description

      In POSIX file semantics, the ability to remove an entry a file is determined by whether the user has write permissions on the directory containing the file. However, to delete recursively (rm -r) the user must have write permissions in all directories being removed. Thus if you have a directory structure like /a/b/c and a user has write permissions on a but not on b, then he is not allowed to do 'rm -r b'. This is because he does not have permissions to remove c, so the rm of b fails, even though he has permission to remove b.

      However, 'hadoop fs -rmr b' removes both b and c in this case. It should instead fail and return an error message saying the user does not have permission to remove c. 'hadoop fs -rmr c' correctly fails.

        Activity

        Hide
        Tsz Wo Nicholas Sze added a comment -

        In Hadoop, "fs -rmr" without -skipTrash actually is "move to trash" if trash is enabled. It will call or FileSystem.rename(..). Therefore, it is allowed. Move is also allowed in POSFIX.

        There will be a permission denied for "fs -rmr -skipTrash", which will call FileSystem.delete(..).

        Show
        Tsz Wo Nicholas Sze added a comment - In Hadoop, "fs -rmr" without -skipTrash actually is "move to trash" if trash is enabled. It will call or FileSystem.rename(..). Therefore, it is allowed. Move is also allowed in POSFIX. There will be a permission denied for "fs -rmr -skipTrash", which will call FileSystem.delete(..).
        Hide
        Alan Gates added a comment -

        This seems wrong to me. The fact that rm is implemented as a move underneath is not important to the user. The user expects certain semantics from rm. HDFS has claimed that it follows POSIX semantics, which as far as I can tell, makes no allowance for whether the data is actually removed or moved to a trash directory. Further, the fact that rm requires different permissions depending on whether you are using a trash directory is a broken and confusing semantic.

        Show
        Alan Gates added a comment - This seems wrong to me. The fact that rm is implemented as a move underneath is not important to the user. The user expects certain semantics from rm. HDFS has claimed that it follows POSIX semantics, which as far as I can tell, makes no allowance for whether the data is actually removed or moved to a trash directory. Further, the fact that rm requires different permissions depending on whether you are using a trash directory is a broken and confusing semantic.
        Hide
        Tsz Wo Nicholas Sze added a comment -

        Let's move this from HDFS to Common since this is a FsShell and Trash issue. HDFS implementation does check permission correctly.

        Show
        Tsz Wo Nicholas Sze added a comment - Let's move this from HDFS to Common since this is a FsShell and Trash issue. HDFS implementation does check permission correctly.
        Hide
        Tsz Wo Nicholas Sze added a comment -

        Also edited title.

        Show
        Tsz Wo Nicholas Sze added a comment - Also edited title.

          People

          • Assignee:
            Unassigned
            Reporter:
            Alan Gates
          • Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

            • Created:
              Updated:

              Development