[ https://issues.apache.org/jira/browse/HDFS-13205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tsz Wo Nicholas Sze resolved HDFS-13205. ---------------------------------------- Resolution: Not A Problem Resolving as Not A Problem. > Incorrect path is passed to checkPermission during authorization of file > under a snapshot (specifically under a subdir) after original subdir is > deleted > -------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: HDFS-13205 > URL: https://issues.apache.org/jira/browse/HDFS-13205 > Project: Hadoop HDFS > Issue Type: Bug > Components: snapshots > Affects Versions: 2.7.4 > Reporter: Raghavender Rao Guruvannagari > Assignee: Shashikant Banerjee > Priority: Major > > Steps to reproduce the issue. > +As 'hdfs' superuser+ > – Create a folder (/hdptest/test) with 700 permissions and ( > /hdptest/test/mydir) with 755. > --HDFS Ranger policy is defined with RWX for user "test" on /hdptest/test/ > recursively. > --Allow snapshot on the directory /hdptest/test/mydir: > {code:java} > #su - test > [test@node1 ~]$ hdfs dfs -ls /hdptest/test/mydir > [test@node1 ~]$ hdfs dfs -mkdir /hdptest/test/mydir/test > [test@node1 ~]$ hdfs dfs -put /etc/passwd /hdptest/test/mydir/test > [test@node1 ~]$ hdfs lsSnapshottableDir > drwxr-xr-x 0 test hdfs 0 2018-01-25 14:22 1 65536 /hdptest/test/mydir > > {code} > > -->Create Snapshot > {code:java} > [test@node1 ~]$ hdfs dfs -createSnapshot /hdptest/test/mydir > Created snapshot /hdptest/test/mydir/.snapshot/s20180125-135430.953 > {code} > -->Verifying that snapshot directory has the current files from directory > and verify the file is accessible .snapshot path: > {code:java} > [test@node1 ~]$ hdfs dfs -ls -R > /hdptest/test/mydir/.snapshot/s20180125-135430.953 > drwxr-xr-x - test hdfs 0 2018-01-25 13:53 > /hdptest/test/mydir/.snapshot/s20180125-135430.953/test > -rw-r--r-- 3 test hdfs 3227 2018-01-25 13:53 > /hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd > [test@node1 ~]$ hdfs dfs -cat > /hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd | tail > livytest:x:1015:496::/home/livytest:/bin/bash > ehdpzepp:x:1016:496::/home/ehdpzepp:/bin/bash > zepptest:x:1017:496::/home/zepptest:/bin/bash > {code} > -->Remove the file from main directory and verified that file is still > accessible: > {code:java} > [test@node1 ~]$ hdfs dfs -rm /hdptest/test/mydir/test/passwd > 18/01/25 13:55:06 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://rangerSME/hdptest/test/mydir/test/passwd' to trash at: > hdfs://rangerSME/user/test/.Trash/Current/hdptest/test/mydir/test/passwd > [test@node1 ~]$ hdfs dfs -cat > /hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd | tail > livytest:x:1015:496::/home/livytest:/bin/bash > {code} > -->Remove the parent directory of the file which was deleted, now accessing > the same file under .snapshot dir fails with permission denied error > {code:java} > [test@node1 ~]$ hdfs dfs -rm -r /hdptest/test/mydir/test > 18/01/25 13:55:25 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://rangerSME/hdptest/test/mydir/test' to trash at: > hdfs://rangerSME/user/test/.Trash/Current/hdptest/test/mydir/test1516888525269 > [test@node1 ~]$ hdfs dfs -cat > /hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd | tail > cat: Permission denied: user=test, access=EXECUTE, > inode="/hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd":hdfs:hdfs:drwxr-x--- > > {code} > Ranger policies are not honored in this case for .snapshot directories/files > after main directory is deleted under snapshotable directory. > Workaround is to provide execute permission at HDFS level for the parent > folder > {code:java} > #su - hdfs > #hdfs dfs -chmod 701 /hdptest/test > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org