[jira] [Commented] (HDFS-6165) "hdfs dfs -rm -r" and "hdfs -rmdir" commands can't remove empty directory

Thu, 03 Apr 2014 10:10:34 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13958981#comment-13958981
 ] 

Yongjun Zhang commented on HDFS-6165:
-------------------------------------

Hi [~daryn],

Thanks for your earlier comment at 29/Mar/14 12:26. I've uploaded patch 
revision 004 to address them. Would you please help reviewing this version? 
Thanks a lot.

Some notable changes and comments:

1. No -f is introduced as in previous patch revisions.

2. When deleting empty directory, in addition to the other permissions, READ 
permission is required for the empty directory.

3. Prior to my change, Rmdir command uses listStatus method to check whether 
it's empty. Curently the listStatus method requires both READ and EXECUTE 
permission. My patch changed the way how to check whether a directory is empty 
by using PathIsNotEmptyDirectoryException.

4. As stated in 3, listStatus method requires READ and EXECUTE permission. For 
the purpose of checking whether a dir is empty, we probably can have another 
lightweight API that only requires READ permission. I did not introduce this 
API, but I can do it if we can agree upon.

My understanding is, listStatus is similar to command "ls -l".  I think the new 
API would be similar to "ls". Basically the new API should be able to tell how 
many entries in a directory without the need of EXECUTE permission, below is 
how centOs system works, when the target directory has no EXECUTE permission:
{code}
[root@yjzsn usrxyz]# ls -lrt
total 24
drwx------ 2 abc abc 4096 Apr  2 17:39 abc-notempty
drwxr--r-- 2 abc abc 4096 Apr  2 17:39 abc-notempty1
drwx------ 2 abc abc 4096 Apr  2 17:39 abc-empty
drwxr----- 2 abc abc 4096 Apr  2 17:39 abc-empty1
drwx---r-- 2 abc abc 4096 Apr  2 17:39 abc-empty2
drwxr--r-- 2 abc abc 4096 Apr  2 17:39 abc-empty3
[root@yjzsn usrxyz]# su usrxyz
[usrxyz@yjzsn ~]$ ls abc-notempty
ls: cannot open directory abc-notempty: Permission denied

[usrxyz@yjzsn ~]$ ls abc-notempty1   <== with READ perm, this one lists the 
file name in it (xyz.txt), prints "Permission denied" because of xyz.txt's 
permission
ls: cannot access abc-notempty1/xyz.txt: Permission denied
xyz.txt

[usrxyz@yjzsn ~]$ 
[usrxyz@yjzsn ~]$ ls abc-empty1
ls: cannot open directory abc-empty1: Permission denied
[usrxyz@yjzsn ~]$ ls abc-empty2
[usrxyz@yjzsn ~]$ ls abc-empty3
[usrxyz@yjzsn ~]$ 
{code}




> "hdfs dfs -rm -r" and "hdfs -rmdir" commands can't remove empty directory 
> --------------------------------------------------------------------------
>
>                 Key: HDFS-6165
>                 URL: https://issues.apache.org/jira/browse/HDFS-6165
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: hdfs-client
>    Affects Versions: 2.3.0
>            Reporter: Yongjun Zhang
>            Assignee: Yongjun Zhang
>            Priority: Minor
>         Attachments: HDFS-6165.001.patch, HDFS-6165.002.patch, 
> HDFS-6165.003.patch, HDFS-6165.004.patch
>
>
> Given a directory owned by user A with WRITE permission containing an empty 
> directory owned by user B, it is not possible to delete user B's empty 
> directory with either "hdfs dfs -rm -r" or "hdfs dfs -rmdir". Because the 
> current implementation requires FULL permission of the empty directory, and 
> throws exception. 
> On the other hand, on linux, "rm -r" and "rmdir" command can remove empty 
> directory as long as the parent directory has WRITE permission (and prefix 
> component of the path have EXECUTE permission), For the tested OSes, some 
> prompt user asking for confirmation, some don't.
> Here's a reproduction:
> {code}
> [root@vm01 ~]# hdfs dfs -ls /user/
> Found 4 items
> drwxr-xr-x   - userabc users               0 2013-05-03 01:55 /user/userabc
> drwxr-xr-x   - hdfs    supergroup          0 2013-05-03 00:28 /user/hdfs
> drwxrwxrwx   - mapred  hadoop              0 2013-05-03 00:13 /user/history
> drwxr-xr-x   - hdfs    supergroup          0 2013-04-14 16:46 /user/hive
> [root@vm01 ~]# hdfs dfs -ls /user/userabc
> Found 8 items
> drwx------   - userabc users          0 2013-05-02 17:00 /user/userabc/.Trash
> drwxr-xr-x   - userabc users          0 2013-05-03 01:34 /user/userabc/.cm
> drwx------   - userabc users          0 2013-05-03 01:06 
> /user/userabc/.staging
> drwxr-xr-x   - userabc users          0 2013-04-14 18:31 /user/userabc/apps
> drwxr-xr-x   - userabc users          0 2013-04-30 18:05 /user/userabc/ds
> drwxr-xr-x   - hdfs    users          0 2013-05-03 01:54 /user/userabc/foo
> drwxr-xr-x   - userabc users          0 2013-04-30 16:18 
> /user/userabc/maven_source
> drwxr-xr-x   - hdfs    users          0 2013-05-03 01:40 
> /user/userabc/test-restore
> [root@vm01 ~]# hdfs dfs -ls /user/userabc/foo/
> [root@vm01 ~]# sudo -u userabc hdfs dfs -rm -r -skipTrash /user/userabc/foo
> rm: Permission denied: user=userabc, access=ALL, 
> inode="/user/userabc/foo":hdfs:users:drwxr-xr-x
> {code}
> The super user can delete the directory.
> {code}
> [root@vm01 ~]# sudo -u hdfs hdfs dfs -rm -r -skipTrash /user/userabc/foo
> Deleted /user/userabc/foo
> {code}
> The same is not true for files, however. They have the correct behavior.
> {code}
> [root@vm01 ~]# sudo -u hdfs hdfs dfs -touchz /user/userabc/foo-file
> [root@vm01 ~]# hdfs dfs -ls /user/userabc/
> Found 8 items
> drwx------   - userabc users          0 2013-05-02 17:00 /user/userabc/.Trash
> drwxr-xr-x   - userabc users          0 2013-05-03 01:34 /user/userabc/.cm
> drwx------   - userabc users          0 2013-05-03 01:06 
> /user/userabc/.staging
> drwxr-xr-x   - userabc users          0 2013-04-14 18:31 /user/userabc/apps
> drwxr-xr-x   - userabc users          0 2013-04-30 18:05 /user/userabc/ds
> -rw-r--r--   1 hdfs    users          0 2013-05-03 02:11 
> /user/userabc/foo-file
> drwxr-xr-x   - userabc users          0 2013-04-30 16:18 
> /user/userabc/maven_source
> drwxr-xr-x   - hdfs    users          0 2013-05-03 01:40 
> /user/userabc/test-restore
> [root@vm01 ~]# sudo -u userabc hdfs dfs -rm -skipTrash /user/userabc/foo-file
> Deleted /user/userabc/foo-file
> {code}
> Using "hdfs dfs -rmdir" command:
> {code}
> bash-4.1$ hadoop fs -lsr /
> lsr: DEPRECATED: Please use 'ls -R' instead.
> drwxr-xr-x   - hdfs supergroup          0 2014-03-25 16:29 /user
> drwxr-xr-x   - hdfs   supergroup          0 2014-03-25 16:28 /user/hdfs
> drwxr-xr-x   - usrabc users               0 2014-03-28 23:39 /user/usrabc
> drwxr-xr-x   - abc    abc                 0 2014-03-28 23:39 
> /user/usrabc/foo-empty1
> [root@vm01 usrabc]# su usrabc
> [usrabc@vm01 ~]$ hdfs dfs -rmdir /user/usrabc/foo-empty1
> rmdir: Permission denied: user=usrabc, access=ALL, 
> inode="/user/usrabc/foo-empty1":abc:abc:drwxr-xr-x
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to