[ https://issues.apache.org/jira/browse/HADOOP-7064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15407466#comment-15407466 ]

Weiwei Yang commented on HADOOP-7064:
-------------------------------------

Agree with [~alangates], this is the same issue reported in HDFS-8312; we 
should get this fixed. Otherwise HDFS opens a security hole that allows a user to 
delete other users' files. I have commented more [here | https://issues.apache.org/jira/browse/HDFS-8312?focusedCommentId=15407456&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15407456], 
and a proposal to fix this, not at the code level, but I am going to work on it 
shortly. Let me know if it makes sense.

> FsShell does not properly check permissions of files in a directory when 
> doing rmr
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-7064
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7064
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>    Affects Versions: 0.20.2
>            Reporter: Alan Gates
>
> In POSIX file semantics, the ability to remove an entry a file is determined 
> by whether the user has write permissions on the directory containing the 
> file.  However, to delete recursively (rm -r) the user must have write 
> permissions in all directories being removed.  Thus if you have a directory 
> structure like /a/b/c and a user has write permissions on a but not on b, 
> then he is not allowed to do 'rm -r b'.  This is because he does not have 
> permissions to remove c, so the rm of b fails, even though he has permission 
> to remove b.
> However, 'hadoop fs -rmr b' removes both b and c in this case.  It should 
> instead fail and return an error message saying the user does not have 
> permission to remove c.  'hadoop fs -rmr c' correctly fails.
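
The permission rule from the quoted description, as an added example that is not part of the original message and is not Hadoop code: a toy directory model comparing a parent-only check with a check of every directory in the subtree. The `Dir` class, the user names `alice` and `bob`, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class Dir:
    """Directory in a toy namespace (constructed model, not an HDFS type)."""
    name: str
    writers: frozenset                      # users with write permission here
    children: list = field(default_factory=list)

def parent_only_allows(parent, user):
    """Model of the reported -rmr behaviour: only the containing directory is checked."""
    return user in parent.writers

def posix_blockers(parent, target, user, path=""):
    """List the entries `user` may not unlink when removing `target` recursively.

    Unlinking an entry needs write permission on the directory holding it, so
    every directory in the subtree that has entries must be writable too.
    Simplification: execute bits, the sticky bit and superusers are ignored.
    """
    here = f"{path}/{target.name}"
    blocked = [] if user in parent.writers else [here]
    for child in target.children:
        blocked += posix_blockers(target, child, user, here)
    return blocked

def checked_rmr(parent, target, user, path=""):
    """Remove the subtree only if nothing in it is blocked; otherwise fail whole."""
    blocked = posix_blockers(parent, target, user, path)
    if blocked:
        raise PermissionError(f"{user} may not remove: {', '.join(blocked)}")
    parent.children.remove(target)

def build_example():
    """Constructed /a/b/c layout: alice can write to a only, bob to all three."""
    c = Dir("c", frozenset({"bob"}))
    b = Dir("b", frozenset({"bob"}), [c])
    a = Dir("a", frozenset({"alice", "bob"}), [b])
    return a, b, c

if __name__ == "__main__":
    a, b, c = build_example()
    print(parent_only_allows(a, "alice"))          # parent-only check lets 'rmr b' through
    print(posix_blockers(a, b, "alice", "/a"))     # full check names the blocking entry
```
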


