Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-8312

Trash does not descent into child directories to check for permissions

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.2.0, 2.6.0, 2.7.2
    • 2.9.0, 2.7.4, 3.0.0-alpha1, 2.8.2
    • fs, security
    • None
    • Permissions are now checked when moving a file to Trash.

    Description

      HDFS trash does not descent into child directory to check if user has permission to delete files. For example:

      Run the following command to initialize directory structure as super user:

      hadoop fs -mkdir /BSS/level1
      hadoop fs -mkdir /BSS/level1/level2
      hadoop fs -mkdir /BSS/level1/level2/level3
      hadoop fs -put /tmp/appConfig.json /BSS/level1/level2/level3/testfile.txt
      hadoop fs -chown user1:users /BSS/level1/level2/level3/testfile.txt
      hadoop fs -chown -R user1:users /BSS/level1
      hadoop fs -chown -R 750 /BSS/level1
      hadoop fs -chmod -R 640 /BSS/level1/level2/level3/testfile.txt
      hadoop fs -chmod 775 /BSS
      

      Change to a normal user called user2.

      When trash is enabled:

      sudo su user2 -
      hadoop fs -rm -r /BSS/level1
      15/05/01 16:51:20 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion interval = 3600 minutes, Emptier interval = 0 minutes.
      Moved: 'hdfs://bdvs323.svl.ibm.com:9000/BSS/level1' to trash at: hdfs://bdvs323.svl.ibm.com:9000/user/user2/.Trash/Current
      

      When trash is disabled:

      /opt/ibm/biginsights/IHC/bin/hadoop fs -Dfs.trash.interval=0 -rm -r /BSS/level1
      15/05/01 16:58:31 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion interval = 0 minutes, Emptier interval = 0 minutes.
      rm: Permission denied: user=user2, access=ALL, inode="/BSS/level1":user1:users:drwxr-x---
      

      There is inconsistency between trash behavior and delete behavior. When trash is enabled, files owned by user1 is deleted by user2. It looks like trash does not recursively validate if the child directory files can be removed.

      Attachments

        1. HDFS-8312-001.patch
          11 kB
          Weiwei Yang
        2. HDFS-8312-002.patch
          11 kB
          Weiwei Yang
        3. HDFS-8312-003.patch
          11 kB
          Weiwei Yang
        4. HDFS-8312-004.patch
          11 kB
          Weiwei Yang
        5. HDFS-8312-005.patch
          11 kB
          Weiwei Yang
        6. HDFS-8312-branch-2.7.patch
          12 kB
          Brahma Reddy Battula
        7. HDFS-8312-branch-2.8.01.patch
          12 kB
          Weiwei Yang
        8. HDFS-8312-branch-2.8.1.001.patch
          12 kB
          Weiwei Yang
        9. HDFS-8312-testcase.patch
          4 kB
          Weiwei Yang

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            xiaoheipangzi lujie Assign to me
            eyang Eric Yang
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment