Hello Eric Yang and Luis Fernando Antonioli
I was able to reproduce this issue with the following steps.
I created user1 and user2; they both belong to the users group.
uid=1007(user1) gid=1007(user1) groups=1007(user1),100(users)
uid=1009(user2) gid=1010(user2) groups=1010(user2),100(users)
As super user,
hadoop fs -mkdir /BSS
hadoop fs -chmod 777 /BSS
hadoop fs -mkdir /BSS/user1/
hadoop fs -put /tmp/test /BSS/user1/
hadoop fs -chmod 600 /BSS/user1/test
hdfs dfs -ls -R /BSS
drwxr-xr-x - user1 users 0 2016-08-11 18:06 /BSS/user1
-rw------- 3 user1 users 4308 2016-08-11 18:06 /BSS/user1/test
As user2, try to delete the /BSS/user1 directory with -skipTrash; it gives a permission denied error (expected)
hadoop dfs -rmr -skipTrash /BSS/user1/
rmr: Permission denied: user=user2, access=ALL, inode="/BSS/user1":user1:users:drwxr-xr-x
Try to delete the directory again without disabling trash,
hadoop dfs -rmr /BSS/user1/
16/08/04 01:47:53 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion interval = 360 minutes, Emptier interval = 0 minutes.
directory removed (unexpected).
This opens a security hole in that a user is able to delete other users' files; this should be fixed. Agree?
Internally, trash calls rename and rm calls delete; that's why the behavior was not consistent: user2 has the permission to move the directory but not to delete it.
hadoop dfs -mv /BSS/user1 /user/user2/.Trash
hadoop dfs -ls /user/user2/.Trash
Found 2 items
drwx------ - user2 hdfs 0 2016-08-04 01:39 /user/user2/.Trash/Current
drwxr-xr-x - user1 users 0 2016-08-04 01:59 /user/user2/.Trash/user1
To fix this, when trash is enabled, even though it runs rename, we need to check delete permission because that is the intention (and the result) of the command. Assigned to myself to work on.
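
The rename-versus-delete mismatch described in the comment above, as an added example (not Hadoop code and not part of the original comment): a simplified model of the two permission checks, with and without the proposed delete check on the trash path. It ignores traverse checks on ancestors, the superuser and the sticky bit; the owners of /BSS and of the trash directory are assumptions.

```python
# Added illustration: simplified model of HDFS permission checks (not Hadoop code).
from dataclasses import dataclass, field

R, W, X = 4, 2, 1

@dataclass
class Inode:
    owner: str
    group: str
    mode: int                                     # e.g. 0o755
    children: dict = field(default_factory=dict)  # name -> Inode
    is_dir: bool = True

def allowed(user, groups, inode, want):
    """Pick owner, group or other bits, then require every bit in `want`."""
    shift = 6 if user == inode.owner else 3 if inode.group in groups else 0
    return (inode.mode >> shift) & want == want

def can_rename(user, groups, src_parent, dst_parent):
    # Rename only needs WRITE on the source and destination parents.
    return allowed(user, groups, src_parent, W) and allowed(user, groups, dst_parent, W)

def can_delete(user, groups, parent, target):
    # Recursive delete needs WRITE on the parent and ALL (rwx) on each
    # non-empty directory in the subtree, matching "access=ALL" in the log.
    if not allowed(user, groups, parent, W):
        return False
    stack = [target]
    while stack:
        node = stack.pop()
        if node.is_dir and node.children:
            if not allowed(user, groups, node, R | W | X):
                return False
            stack.extend(node.children.values())
    return True

def can_move_to_trash(user, groups, parent, target, trash, check_delete):
    # check_delete=False: behaviour reported above; True: the proposed fix.
    if check_delete and not can_delete(user, groups, parent, target):
        return False
    return can_rename(user, groups, parent, trash)

def sample_tree():
    # Constructed from the listing above; owners of /BSS and .Trash are assumed.
    test = Inode("user1", "users", 0o600, is_dir=False)
    user1_dir = Inode("user1", "users", 0o755, {"test": test})
    bss = Inode("hdfs", "hdfs", 0o777, {"user1": user1_dir})
    trash = Inode("user2", "hdfs", 0o700)
    return bss, user1_dir, trash
```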