[
https://issues.apache.org/jira/browse/HADOOP-2514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12556147#action_12556147
]
Robert Chansler commented on HADOOP-2514:
-----------------------------------------
I agree with Sanjay that we my be close to consensus. But I'd like to suggest
that we're trying too hard in support of a couple of details.
1. Users without a home directory: Why bother with a public trash can that just
reintroduces some of the problems we'd like to eliminate. If mv fails, just do
rm right now.
2. ~/trash vs /trash/user: We seem to be trading a dubious optimization (not
having the compactor read one directory) for additional administrative
complexity.
3. Most files are (I suppose!) deleted programmatically. Is there any need for
shell rm to be more efficient than an application program?
On a more philosophical note, if I can mv something to a hidden (inaccessible)
location, why shouldn't I be able to rm the whole thing regardless of interior
permissions? (Absent links.)
> Trash and permissions don't mix
> -------------------------------
>
> Key: HADOOP-2514
> URL: https://issues.apache.org/jira/browse/HADOOP-2514
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs
> Affects Versions: 0.16.0
> Reporter: Robert Chansler
> Fix For: 0.16.0
>
>
> Shell command "rm" is really "mv" to trash with the expectation that the
> server will at some point really delete the contents of trash. With the
> advent of permissions, a user can "mv" folders that the user cannot "rm". The
> present trash feature as implemented would allow the user to suborn the
> server into deleting a folder in violation of the permissions model.
> A related issue is that if anybody can mv a folder to the trash anybody else
> can mv that same folder from the trash. This may be contrary to the
> expectations of the user.
> What is a better model for trash?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
