Major Description
As reported by bigdatagroup <bigdatagroup@itecons.it> on hadoop-users mailing list:
We exported our distributed filesystem with the following configuration (Managed by Cloudera Manager over CDH 5.0.1):
<property>
<name>dfs.nfs.exports.allowed.hosts</name>
<value>192.168.0.153 ro</value>
</property>
As you can see, we expect the exported FS to be read-only, but in fact we are able to delete files and folders stored on it (where the user has the correct permissions), from the client machine that mounted the FS.
Other writing operations are correctly blocked.
Hadoop Version in use: 2.3.0+cdh5.0.1+567"
I was able to reproduce the issue on latest hadoop trunk. Though I could only delete files, deleting directories were correctly blocked:
abutala@abutala-vBox:/mnt/hdfs$ mount | grep 127 127.0.1.1:/ on /mnt/hdfs type nfs (rw,vers=3,proto=tcp,nolock,addr=127.0.1.1) abutala@abutala-vBox:/mnt/hdfs$ ls -lh total 512 -rw-r--r-- 1 abutala supergroup 0 Jul 17 18:51 abc.txt drwxr-xr-x 2 abutala supergroup 64 Jul 17 18:31 temp abutala@abutala-vBox:/mnt/hdfs$ rm abc.txt abutala@abutala-vBox:/mnt/hdfs$ ls temp abutala@abutala-vBox:/mnt/hdfs$ rm -r temp rm: cannot remove `temp': Permission denied abutala@abutala-vBox:/mnt/hdfs$ ls temp abutala@abutala-vBox:/mnt/hdfs$
Contents of hdfs-site.xml:
<configuration>
<property>
<name>dfs.nfs3.dump.dir</name>
<value>/tmp/.hdfs-nfs3</value>
</property>
<property>
<name>dfs.nfs.exports.allowed.hosts</name>
<value>localhost ro</value>
</property>
</configuration>