In TrashPolicyDefault, the .Trash directory will be created with permission 700 (and without sticky bit) by the first user that moves a file to the trash. This is an issue when other users try to move files to that trash because they may not have the permission to move to that trash if the trash root is shared. – in this case, snapshottable directories.
This only affects users when trash is enabled inside snapshottable directories (dfs.namenode.snapshot.trashroot.enabled set to true), and when a user performing move to trash operations doesn't have admin permissions.
Solution: Create a .Trash directory with 777 permission and sticky bits enabled (similar solution as
Also need to deal with some corner cases:
1. even when the snapshottable directory trash root config is not enabled (dfs.namenode.snapshot.trashroot.enabled set to false), create the .Trash directory anyway? Or should we ask the admin to provision trash manually after enabling dfs.namenode.snapshot.trashroot.enabled on an existing cluster?
- If the cluster is just upgraded, we need to provision trash manually anyway.
2. When immediately disallowing trash, it shouldn't fail. just remove the .Trash directory when disallowing snapshot on a dir if it is empty?