[
https://issues.apache.org/jira/browse/HDFS-11557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15946167#comment-15946167
]
Chen Liang commented on HDFS-11557:
-----------------------------------
Thanks [~dmtucker] for showing the steps! Very helpful, I did manage to
reproduce the issue following these steps.
After checking the code, I think this is because the code is written that, if
the directory to be deleted is empty, the permission check is (again) bypassed.
I created a file under the directory, it then prevented me from deleting the
directory:
{code}
$ ./bin/hdfs dfs -ls /test/dir
ls: Permission denied: user=someone2, access=READ_EXECUTE,
inode="/test/dir":someone2:supergroup:d-w--w--w-
$ ./bin/hdfs dfs -chmod 777 /test/dir
$ ./bin/hdfs dfs -touchz /test/dir/file
$ ./bin/hdfs dfs -chmod 222 /test/dir
$ ./bin/hdfs dfs -ls /test/dir
ls: Permission denied: user=someone2, access=READ_EXECUTE,
inode="/test/dir":someone2:supergroup:d-w--w--w-
$ ./bin/hdfs dfs -rm -r /test/dir
rm: Permission denied: user=someone2, access=ALL,
inode="/test/dir":someone2:supergroup:d-w--w--w-
{code}
> Empty directories may be recursively deleted without being listable
> -------------------------------------------------------------------
>
> Key: HDFS-11557
> URL: https://issues.apache.org/jira/browse/HDFS-11557
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: hdfs
> Affects Versions: 2.7.3
> Reporter: David Tucker
> Assignee: Chen Liang
>
> To reproduce, create a directory without read and/or execute permissions
> (i.e. 0666, 0333, or 0222), then call delete on it with can_recurse=True.
> Note that the delete succeeds even though the client is unable to check for
> emptiness and, therefore, cannot otherwise know that any/all children are
> deletable.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
