[jira] [Commented] (HADOOP-14768) Honoring sticky bit during Deletion when authorization is enabled in WASB

Thu, 21 Sep 2017 10:24:28 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-14768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16175142#comment-16175142
 ] 

Varada Hemeswari commented on HADOOP-14768:
-------------------------------------------

[~tmarq], I agree to the risk of performance and functionality. 

We are already considering sticky bit only if authorization is enabled. So I 
think adding another flag is unnecesary. Please note that the changes not only 
add sticky bit but also change semantics of delete when authorization is 
enabled.( introducing partial delete whereas previously failure of single auth 
check used to halt entire delete).These required the changes you pointed out, 
that may actually cause performance to regress. So seperate flag for stickybit 
may not be that useful.

I can make changes such that if authorization is not enabled, delete will 
continue along the previous legacy path or else the new changes will take 
effect. Let me know if this works.

> Honoring sticky bit during Deletion when authorization is enabled in WASB
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-14768
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14768
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/azure
>            Reporter: Varada Hemeswari
>            Assignee: Varada Hemeswari
>              Labels: fs, secure, wasb
>         Attachments: HADOOP-14768.001.patch, HADOOP-14768.002.patch, 
> HADOOP-14768.003.patch, HADOOP-14768.003.patch, HADOOP-14768.004.patch, 
> HADOOP-14768.004.patch
>
>
> When authorization is enabled in WASB filesystem, there is a need for 
> stickybit in cases where multiple users can create files under a shared 
> directory. This additional check for sticky bit is reqired since any user can 
> delete another user's file because the parent has WRITE permission for all 
> users.
> The purpose of this jira is to implement sticky bit equivalent for 'delete' 
> call when authorization is enabled.
> Note : Sticky bit implementation for 'Rename' operation is not done as part 
> of this JIRA



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to