Re: Review Request 75255: RANGER-4980: Delete permissions on directory is denied which has hierarchy of files/directory rooted at the argument passed to the HDFS command

Tue, 05 Nov 2024 00:26:59 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75255/
-----------------------------------------------------------

(Updated Nov. 5, 2024, 7:30 a.m.)


Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan 
Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and 
Velmurugan Periasamy.


Bugs: RANGER-4980
    https://issues.apache.org/jira/browse/RANGER-4980


Repository: ranger


Description
-------

when chained plugin is enabled and all access is provided to a directory which 
has multiple files and directories under it and if a user tries to delete a 
that directory then access is denied.
Steps to repro:
create a policy which will grant all access to systest user on a directory.

Try performing write access. It should allow.
* hdfs dfs -mkdir /user/data/part_default1/state=98/dir1

Now, remove default ACL's on hdfs path
* hdfs dfs -chmod -R +000 /user/data/part_default1

Now, try delete operation. Access will be denied.
* hdfs dfs -rm -r -skipTrash /user/data/part_default1/state=98


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
 8db08c598 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerAccessRequestUtil.java
 6546e287c 
  
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
 9ce25695c 


Diff: https://reviews.apache.org/r/75255/diff/1/


Testing
-------

- manually tested the scenario.
- ranger hdfs policy related sainty testing is done


Thanks,

Mahesh Bandal

Reply via email to