Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-10276

HDFS should not expose path info that user has no permission to see.

    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      This following issue is remedied by HDFS-5802.

      Given you have a file /file an existence check for the path /file/whatever will give different responses for different implementations of FileSystem.

      LocalFileSystem will return false while DistributedFileSystem will throw org.apache.hadoop.security.AccessControlException: Permission denied: ..., access=EXECUTE, ...

      However, HDFS-5802 may expose information about a path that user doesn't have permission to see.

      For example, if the user asks for /a/b/c, but does not have permission to list /a, we should not complain about /a/b

      Attachments

        1. HDFS-10276.001.patch
          2 kB
          Yuanbo Liu
        2. HDFS-10276.002.patch
          3 kB
          Yuanbo Liu
        3. HDFS-10276.003.patch
          12 kB
          Yuanbo Liu
        4. HDFS-10276.004.patch
          11 kB
          Yuanbo Liu
        5. HDFS-10276.005.patch
          3 kB
          Yuanbo Liu
        6. HDFS-10276.006.patch
          4 kB
          Yuanbo Liu

        Issue Links

          Activity

            People

              yuanbo Yuanbo Liu
              kevincox Kevin Cox
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: