Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-10276

HDFS should not expose path info that user has no permission to see.

    Details

    • Hadoop Flags:
      Reviewed

      Description

      This following issue is remedied by HDFS-5802.

      Given you have a file /file an existence check for the path /file/whatever will give different responses for different implementations of FileSystem.

      LocalFileSystem will return false while DistributedFileSystem will throw org.apache.hadoop.security.AccessControlException: Permission denied: ..., access=EXECUTE, ...

      However, HDFS-5802 may expose information about a path that user doesn't have permission to see.

      For example, if the user asks for /a/b/c, but does not have permission to list /a, we should not complain about /a/b

        Attachments

        1. HDFS-10276.001.patch
          2 kB
          Yuanbo Liu
        2. HDFS-10276.002.patch
          3 kB
          Yuanbo Liu
        3. HDFS-10276.003.patch
          12 kB
          Yuanbo Liu
        4. HDFS-10276.004.patch
          11 kB
          Yuanbo Liu
        5. HDFS-10276.005.patch
          3 kB
          Yuanbo Liu
        6. HDFS-10276.006.patch
          4 kB
          Yuanbo Liu

          Issue Links

            Activity

              People

              • Assignee:
                yuanbo Yuanbo Liu
                Reporter:
                kevincox Kevin Cox
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: