[
https://issues.apache.org/jira/browse/HDFS-13390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16424130#comment-16424130
]
Rushabh S Shah edited comment on HDFS-13390 at 4/3/18 2:58 PM:
---------------------------------------------------------------
{quote}. So why overwriting file will produce AccessControlException and not
the delete method?
{quote}
[https://github.com/apache/hadoop/blob/branch-2.9/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java#L162]
For {{startFileInt witgh overWrite flage}}, it resolves to all these arguments:
{noformat}
checkPermission(iip, false, null, null, FsAction.WRITE, null, false)
{noformat}
For {{delete}} path, it resolves to all these arguments:
{noformat}
fsd.checkPermission(iip, false, null, FsAction.WRITE, null, FsAction.ALL, true);
{noformat}
Here are all the {{checkPermission}} parameters.
{noformat}
checkPermission(INodesInPath inodesInPath, boolean doCheckOwner,
FsAction ancestorAccess, FsAction parentAccess, FsAction access,
FsAction subAccess, boolean ignoreEmptyDir)
{noformat}
If you notice {{access}} parameter, it is null for {{delete}} and it is
{{FsAction.WRITE}} for {{startFileInt}}.
That means it will skip the checking whether file is writable for {{delete}}
and will check whether file is writable by {{currentUser}}.
I don't have much context why the behavior is different.
IMO it should be same (i.e you should be able to overwrite the file if you are
able to delete it) but you can provide a patch and will let others review the
patch.
Just FYI, this patch will bring an incompatible change in the way that some
jobs will not fail when they expect it to fail.
was (Author: shahrs87):
bq. . So why overwriting file will produce AccessControlException and not the
delete method?
https://github.com/apache/hadoop/blob/branch-2.9/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java#L162
For {{startFileInt witgh overWrite flage}}, it resolves to all these arguments:
{noformat}
checkPermission(iip, false, null, null, FsAction.WRITE, null, false)
{noformat}
For {{delete}} path, it resolves to all these arguments:
{noformat}
fsd.checkPermission(iip, false, null, FsAction.WRITE, null, FsAction.ALL, true);
{noformat}
Here are all the {{checkPermission}} parameters.
{noformat}
checkPermission(INodesInPath inodesInPath, boolean doCheckOwner,
FsAction ancestorAccess, FsAction parentAccess, FsAction access,
FsAction subAccess, boolean ignoreEmptyDir)
{noformat}
If you notice {{access}} parameter, it is null for {{delete}} and it is
{{FsAction.WRITE}} for {{startFileInt}}.
That means it will skip the checking whether file is writable for {{delete}}
and will check whether file is writable by {{currentUser}}.
I don't have much context why the behavior is different.
IMO it should be same but you can provide a patch and will let others review
the patch.
> AccessControlException for overwrite but not for delete
> -------------------------------------------------------
>
> Key: HDFS-13390
> URL: https://issues.apache.org/jira/browse/HDFS-13390
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: hdfs
> Affects Versions: 2.9.0
> Environment: *Environment:*
> OS: Centos
> PyArrow Version: 0.8.0
> Python version: 3.6
> HDFS: 2.9
> Reporter: Nasir Ali
> Priority: Minor
>
>
> *Problem:*
> I have a file (F-1) saved in HDFS with permissions set to "-rw-r--r--" with
> user "cnali". User "nndugudi" cannot overwrite F-1 (vice versa). hdfs.write
> will generate following exception:
> org.apache.hadoop.security.AccessControlException: Permission denied:
> user=nndugudi, access=WRITE,
> inode="/cerebralcortex/data/00000000-f81c-44d2-9db8-fea69f468d58/00000000-5087-3d56-ad0e-0b27c3c83182/20171105.gz":cnali:supergroup:-rw-r--r--
> However, user "nndugudi" can delete the file without any problem. So why
> overwriting file will produce AccessControlException and not the delete
> method?
> *Sample Code*:
> File:
> [https://github.com/MD2Korg/CerebralCortex/blob/master/cerebralcortex/core/data_manager/raw/stream_handler.py]
> LOC: 659-705 (write_hdfs_day_file)
>
> *HDFS Configurations*:
> All configurations are set to default. Security is also disabled as of now.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
