[
https://issues.apache.org/jira/browse/HDFS-13205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tsz Wo Nicholas Sze resolved HDFS-13205.
----------------------------------------
Resolution: Not A Problem
Resolving as Not A Problem.
> Incorrect path is passed to checkPermission during authorization of file
> under a snapshot (specifically under a subdir) after original subdir is
> deleted
> --------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HDFS-13205
> URL: https://issues.apache.org/jira/browse/HDFS-13205
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: snapshots
> Affects Versions: 2.7.4
> Reporter: Raghavender Rao Guruvannagari
> Assignee: Shashikant Banerjee
> Priority: Major
>
> Steps to reproduce the issue.
> +As 'hdfs' superuser+
> – Create a folder (/hdptest/test) with 700 permissions and (
> /hdptest/test/mydir) with 755.
> --HDFS Ranger policy is defined with RWX for user "test" on /hdptest/test/
> recursively.
> --Allow snapshot on the directory /hdptest/test/mydir:
> {code:java}
> #su - test
> [test@node1 ~]$ hdfs dfs -ls /hdptest/test/mydir
> [test@node1 ~]$ hdfs dfs -mkdir /hdptest/test/mydir/test
> [test@node1 ~]$ hdfs dfs -put /etc/passwd /hdptest/test/mydir/test
> [test@node1 ~]$ hdfs lsSnapshottableDir
> drwxr-xr-x 0 test hdfs 0 2018-01-25 14:22 1 65536 /hdptest/test/mydir
>
> {code}
>
> -->Create Snapshot
> {code:java}
> [test@node1 ~]$ hdfs dfs -createSnapshot /hdptest/test/mydir
> Created snapshot /hdptest/test/mydir/.snapshot/s20180125-135430.953
> {code}
> -->Verifying that snapshot directory has the current files from directory
> and verify the file is accessible .snapshot path:
> {code:java}
> [test@node1 ~]$ hdfs dfs -ls -R
> /hdptest/test/mydir/.snapshot/s20180125-135430.953
> drwxr-xr-x - test hdfs 0 2018-01-25 13:53
> /hdptest/test/mydir/.snapshot/s20180125-135430.953/test
> -rw-r--r-- 3 test hdfs 3227 2018-01-25 13:53
> /hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd
> [test@node1 ~]$ hdfs dfs -cat
> /hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd | tail
> livytest:x:1015:496::/home/livytest:/bin/bash
> ehdpzepp:x:1016:496::/home/ehdpzepp:/bin/bash
> zepptest:x:1017:496::/home/zepptest:/bin/bash
> {code}
> -->Remove the file from main directory and verified that file is still
> accessible:
> {code:java}
> [test@node1 ~]$ hdfs dfs -rm /hdptest/test/mydir/test/passwd
> 18/01/25 13:55:06 INFO fs.TrashPolicyDefault: Moved:
> 'hdfs://rangerSME/hdptest/test/mydir/test/passwd' to trash at:
> hdfs://rangerSME/user/test/.Trash/Current/hdptest/test/mydir/test/passwd
> [test@node1 ~]$ hdfs dfs -cat
> /hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd | tail
> livytest:x:1015:496::/home/livytest:/bin/bash
> {code}
> -->Remove the parent directory of the file which was deleted, now accessing
> the same file under .snapshot dir fails with permission denied error
> {code:java}
> [test@node1 ~]$ hdfs dfs -rm -r /hdptest/test/mydir/test
> 18/01/25 13:55:25 INFO fs.TrashPolicyDefault: Moved:
> 'hdfs://rangerSME/hdptest/test/mydir/test' to trash at:
> hdfs://rangerSME/user/test/.Trash/Current/hdptest/test/mydir/test1516888525269
> [test@node1 ~]$ hdfs dfs -cat
> /hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd | tail
> cat: Permission denied: user=test, access=EXECUTE,
> inode="/hdptest/test/mydir/.snapshot/s20180125-135430.953/test/passwd":hdfs:hdfs:drwxr-x---
>
> {code}
> Ranger policies are not honored in this case for .snapshot directories/files
> after main directory is deleted under snapshotable directory.
> Workaround is to provide execute permission at HDFS level for the parent
> folder
> {code:java}
> #su - hdfs
> #hdfs dfs -chmod 701 /hdptest/test
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
