[
https://issues.apache.org/jira/browse/HADOOP-9006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chuan Liu updated HADOOP-9006:
------------------------------
Attachment: HADOOP-9006-branch-1-win.patch
Attach a path.
We did the following two changes for chmod and chown respectively:
1) For 'chmod', we will give Administrator, SYSTEM, file creator full
permission, and inheritable (OI, CI). One exception is if Administrator or
System account set permission itself. In this case, we will set the permission
according to the instruction instead of giving them full permission as in the
default setting.
2) For 'chown', we will get the old Unix permission, and set the ownership,
then re-apply the old Unix permission to the new file owner. This differs
greatly with previous version. In previous version, we will go through the DACL
list and alter each entry belong to the old owner in the list to the new owner.
> Winutils should keep Administrators privileges intact
> -----------------------------------------------------
>
> Key: HADOOP-9006
> URL: https://issues.apache.org/jira/browse/HADOOP-9006
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 1-win
> Reporter: Chuan Liu
> Assignee: Chuan Liu
> Priority: Minor
> Fix For: 1-win
>
> Attachments: HADOOP-9006-branch-1-win.patch
>
>
> This issue was originally discovered by [~ivanmi]. Cite his words as follows.
> {quote}
> Current by design behavior is for winutils to ACL the folders only for the
> user passed in thru chmod/chown. This causes some un-natural side effects in
> cases where Hadoop services run in the context of a non-admin user. For
> example, Administrators on the box will no longer be able to:
> - delete files created in the context of Hadoop services (other users)
> - check the size of the folder where HDFS blocks are stored
> {quote}
> In my opinion, it is natural for some special accounts on Windows to be able
> to access all the folders, including Hadoop folders. This is similar to Linux
> in the way root users on Linux can always access any directories regardless
> the permissions set the those directories.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
