[jira] [Commented] (HADOOP-16885) Encryption zone file copy failure leaks temp file ._COPYING_ and wrapped stream

Tue, 25 Feb 2020 09:36:24 -0800 


    [ 
https://issues.apache.org/jira/browse/HADOOP-16885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17044689#comment-17044689
 ] 

Xiaoyu Yao commented on HADOOP-16885:
-------------------------------------

Repro steps (Thanks Olivér Dózsa)
kinit as hdfs
Try to copy to encrypted zone directory
hdfs dfs -cp /tmp/kms_text_file.txt 
/kms_test/encrypted_dirs/test_dir/kms_text_file.txt
Observe that user hdfs doesn't have permission to do decrypt EEK. (as expected)
On HDP 3.1.5.0-152, the following can be seen:
     Failed to close file: 
/kms_test/encrypted_dirs/test_dir/kms_text_file.txt._COPYING_ with inode: 18159
     org.apache.hadoop.ipc.RemoteException(java.io.FileNotFoundException): File 
does not exist: /kms_test/encrypted_dirs/test_dir/kms_text_file.txt._COPYING_ 
(inode 18159) Holder DFSClient_NONMAPREDUCE_1857410465_1 does not have any open 
files.
Execute

hdfs dfs -ls /kms_test/encrypted_dirs/test_dir/
and observe there's *no*

kms_text_file.txt._COPYING_
file present.

On HDP 7.1.0.1000-7, no error message can be seen.
Execute
hdfs dfs -ls /kms_test/encrypted_dirs/test_dir/
and observe there's a

kms_text_file.txt._COPYING_
file present.

kinit as user1 (kinit -k -t /home/hrt_qa/hadoopqa/keytabs/user1.headless.keytab 
user1)
Try to copy file to encrypted directory again
hdfs dfs -cp /tmp/kms_text_file.txt 
/kms_test/encrypted_dirs/test_dir/kms_text_file.txt
The following happens:
On HDP 3.1.5.0-152 it succeeds, no error message is shown.
On HDP 7.1.0.1000-7 the operation fails with
cp: Permission denied: user=user1, access=WRITE, 
inode="/kms_test/encrypted_dirs/test_dir/kms_text_file.txt._COPYING_":hdfs:hdfs:-rw-r--r--
Expected behavior
Step 5. should succeed. No file with

_COPYING_
suffix should be created when user with no permission tries to copy to a 
restricted directory.

> Encryption zone file copy failure leaks temp file ._COPYING_ and wrapped 
> stream
> -------------------------------------------------------------------------------
>
>                 Key: HADOOP-16885
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16885
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 3.3.0
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>
> Copy file into encryption on  trunk with HADOOP-16490 caused a leaking temp 
> file _COPYING_ left and potential wrapped stream unclosed. This ticked is 
> opened to track the fix for it. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to