[HDFS-8312] Trash does not descent into child directories to check for permissions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.2.0, 2.6.0, 2.7.2
Fix Version/s: 2.9.0, 2.7.4, 3.0.0-alpha1, 2.8.2
Component/s: fs, security
Labels:
None

Target Version/s:

2.7.4
Release Note:
Permissions are now checked when moving a file to Trash.

Description

HDFS trash does not descent into child directory to check if user has permission to delete files. For example:

Run the following command to initialize directory structure as super user:

hadoop fs -mkdir /BSS/level1
hadoop fs -mkdir /BSS/level1/level2
hadoop fs -mkdir /BSS/level1/level2/level3
hadoop fs -put /tmp/appConfig.json /BSS/level1/level2/level3/testfile.txt
hadoop fs -chown user1:users /BSS/level1/level2/level3/testfile.txt
hadoop fs -chown -R user1:users /BSS/level1
hadoop fs -chown -R 750 /BSS/level1
hadoop fs -chmod -R 640 /BSS/level1/level2/level3/testfile.txt
hadoop fs -chmod 775 /BSS

Change to a normal user called user2.

When trash is enabled:

sudo su user2 -
hadoop fs -rm -r /BSS/level1
15/05/01 16:51:20 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion interval = 3600 minutes, Emptier interval = 0 minutes.
Moved: 'hdfs://bdvs323.svl.ibm.com:9000/BSS/level1' to trash at: hdfs://bdvs323.svl.ibm.com:9000/user/user2/.Trash/Current

When trash is disabled:

/opt/ibm/biginsights/IHC/bin/hadoop fs -Dfs.trash.interval=0 -rm -r /BSS/level1
15/05/01 16:58:31 INFO fs.TrashPolicyDefault: Namenode trash configuration: Deletion interval = 0 minutes, Emptier interval = 0 minutes.
rm: Permission denied: user=user2, access=ALL, inode="/BSS/level1":user1:users:drwxr-x---

There is inconsistency between trash behavior and delete behavior. When trash is enabled, files owned by user1 is deleted by user2. It looks like trash does not recursively validate if the child directory files can be removed.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HDFS-8312-testcase.patch
12/Aug/16 08:38
4 kB
Weiwei Yang
HDFS-8312-001.patch
16/Aug/16 02:53
11 kB
Weiwei Yang
HDFS-8312-002.patch
16/Aug/16 07:18
11 kB
Weiwei Yang
HDFS-8312-003.patch
17/Aug/16 06:29
11 kB
Weiwei Yang
HDFS-8312-004.patch
18/Aug/16 04:02
11 kB
Weiwei Yang
HDFS-8312-005.patch
19/Aug/16 01:31
11 kB
Weiwei Yang
HDFS-8312-branch-2.8.01.patch
18/Oct/16 05:06
12 kB
Weiwei Yang
HDFS-8312-branch-2.7.patch
09/May/17 05:59
12 kB
Brahma Reddy Battula
HDFS-8312-branch-2.8.1.001.patch
17/May/17 00:33
12 kB
Weiwei Yang

Issue Links

is related to

HADOOP-7064 FsShell does not properly check permissions of files in a directory when doing rmr

Open

HDFS-11829 Backport HDFS-8312 to branch 2.8.1

Resolved

HADOOP-2514 Trash and permissions don't mix

Closed

relates to

HDFS-11784 Backport HDFS-8312 to branch-2.7: Trash does not descent into child directories to check for permissions

Resolved

HADOOP-13867 FilterFileSystem should override rename(.., options) to take effect of Rename options called via FilterFileSystem implementations

Resolved

Activity

People

Assignee:: lujie

Reporter:: Eric Yang

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 02/May/15 00:05

Updated:: 08/Jul/23 04:49

Resolved:: 23/Aug/16 01:35