[
https://issues.apache.org/jira/browse/HADOOP-7172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13023130#comment-13023130
]
Todd Lipcon commented on HADOOP-7172:
-------------------------------------
bq. Doesn't it make sense for createForWrite to get the same treatment
Well, the reason for this JIRA is that checking permissions is super-expensive,
since it shells out to {{ls -ld}}. But, for {{createForWrite}}, we only have to
check {{f.exists()}} which is only a syscall, and not too expensive.
So, I think we may as well keep the behavior we have for createForWrite.
bq. I found my brain wanting to rewrite the code as follows, feel free to
ignore if you think this is less clear.
Hm, I could go either way. Since we already have test-patch results, I'd like
to just keep it as is if that's alright.
> SecureIO should not check owner on non-secure clusters that have no native
> support
> ----------------------------------------------------------------------------------
>
> Key: HADOOP-7172
> URL: https://issues.apache.org/jira/browse/HADOOP-7172
> Project: Hadoop Common
> Issue Type: Bug
> Components: io, security
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Critical
> Fix For: 0.22.0
>
> Attachments: hadoop-7172.txt, hadoop-7172.txt, hadoop-7172.txt
>
>
> The SecureIOUtils.openForRead function currently uses a racy stat/open combo
> if security is disabled and the native libraries are not available. This ends
> up shelling out to "ls -ld" which is very very slow. We've seen this cause
> significant performance regressions on clusters that match this profile.
> Since the racy permissions check doesn't buy us any security anyway, we
> should just fall back to a normal "open" without any stat() at all, if we
> can't use the native support to do it efficiently.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
