[ https://issues.apache.org/jira/browse/HDFS-6703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14066332#comment-14066332 ]
Srikanth Upputuri commented on HDFS-6703:
-----------------------------------------
I am interested in working on this. Below is my initial analysis.
The access privilege check seems to be missing in the 'remove' implementation
in RpcProgramNfs3.java. This check is available for 'rmdir', as shown below:
{code}
if (!checkAccessPrivilege(client, AccessPrivilege.READ_WRITE)) {
  return new RMDIR3Response(Nfs3Status.NFS3ERR_ACCES, errWcc);
}
{code}
Any thoughts? I will analyze further and will update soon.
> NFS: Files can be deleted from a read-only mount
> ------------------------------------------------
>
> Key: HDFS-6703
> URL: https://issues.apache.org/jira/browse/HDFS-6703
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: nfs
> Reporter: Abhiraj Butala
> Assignee: Srikanth Upputuri
>
>
> As reported by bigdatagroup <[email protected]> on hadoop-users mailing
> list:
> {code}
> We exported our distributed filesystem with the following configuration
> (Managed by Cloudera Manager over CDH 5.0.1):
> <property>
> <name>dfs.nfs.exports.allowed.hosts</name>
> <value>192.168.0.153 ro</value>
> </property>
> As you can see, we expect the exported FS to be read-only, but in fact we are
> able to delete files and folders stored on it (where the user has the correct
> permissions), from the client machine that mounted the FS.
> Other writing operations are correctly blocked.
> Hadoop Version in use: 2.3.0+cdh5.0.1+567
> {code}
> I was able to reproduce the issue on the latest Hadoop trunk, though I could only
> delete files; deleting directories was correctly blocked:
> {code}
> abutala@abutala-vBox:/mnt/hdfs$ mount | grep 127
> 127.0.1.1:/ on /mnt/hdfs type nfs (rw,vers=3,proto=tcp,nolock,addr=127.0.1.1)
> abutala@abutala-vBox:/mnt/hdfs$ ls -lh
> total 512
> -rw-r--r-- 1 abutala supergroup 0 Jul 17 18:51 abc.txt
> drwxr-xr-x 2 abutala supergroup 64 Jul 17 18:31 temp
> abutala@abutala-vBox:/mnt/hdfs$ rm abc.txt
> abutala@abutala-vBox:/mnt/hdfs$ ls
> temp
> abutala@abutala-vBox:/mnt/hdfs$ rm -r temp
> rm: cannot remove `temp': Permission denied
> abutala@abutala-vBox:/mnt/hdfs$ ls
> temp
> abutala@abutala-vBox:/mnt/hdfs$
> {code}
> Contents of hdfs-site.xml:
> {code}
> <configuration>
> <property>
> <name>dfs.nfs3.dump.dir</name>
> <value>/tmp/.hdfs-nfs3</value>
> </property>
> <property>
> <name>dfs.nfs.exports.allowed.hosts</name>
> <value>localhost ro</value>
> </property>
> </configuration>
> {code}
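The gap suspected in the comment, one handler lacking a check that its sibling performs, can be caught by a table-driven audit that calls every mutating procedure as a read-only client. The following is an added example, not code from Hadoop or from the issue: the class name, the handler stubs and the simplified `checkAccessPrivilege` signature are assumptions, and only the procedure names and status values come from RFC 1813.

```java
import java.util.EnumMap;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import java.util.function.ToIntFunction;

// Self-contained model with assumed names; this is not Hadoop's RpcProgramNfs3.
public class ReadOnlyExportAudit {
    enum AccessPrivilege { NONE, READ_ONLY, READ_WRITE }
    // Mutating NFSv3 procedures named in RFC 1813.
    enum Proc { SETATTR, WRITE, CREATE, MKDIR, SYMLINK, MKNOD, REMOVE, RMDIR, RENAME, LINK }
    static final int NFS3_OK = 0, NFS3ERR_ACCES = 13; // RFC 1813 status values

    // Stand-in for the export check: does the client's grant cover what is needed?
    static boolean checkAccessPrivilege(AccessPrivilege granted, AccessPrivilege needed) {
        return granted.compareTo(needed) >= 0;
    }

    // Handler shape quoted for 'rmdir': refuse before touching the filesystem.
    static int guarded(AccessPrivilege client) {
        if (!checkAccessPrivilege(client, AccessPrivilege.READ_WRITE)) {
            return NFS3ERR_ACCES;
        }
        return NFS3_OK;
    }

    // Handler with the check omitted, as the comment suspects for 'remove'.
    static int unguarded(AccessPrivilege client) { return NFS3_OK; }

    // Call every mutating procedure as a read-only client; report those that succeed.
    static Set<Proc> allowedOnReadOnly(Map<Proc, ToIntFunction<AccessPrivilege>> handlers) {
        Set<Proc> leaks = EnumSet.noneOf(Proc.class);
        for (Proc p : Proc.values()) {
            ToIntFunction<AccessPrivilege> h = handlers.get(p);
            // A procedure with no registered handler is reported too: unaudited means unknown.
            if (h == null || h.applyAsInt(AccessPrivilege.READ_ONLY) == NFS3_OK) leaks.add(p);
        }
        return leaks;
    }

    public static void main(String[] args) {
        Map<Proc, ToIntFunction<AccessPrivilege>> handlers = new EnumMap<>(Proc.class);
        for (Proc p : Proc.values()) handlers.put(p, ReadOnlyExportAudit::guarded);
        handlers.put(Proc.REMOVE, ReadOnlyExportAudit::unguarded); // models the suspected gap
        System.out.println("read-only client can run: " + allowedOnReadOnly(handlers));
        handlers.put(Proc.REMOVE, ReadOnlyExportAudit::guarded);   // same check as 'rmdir'
        System.out.println("with the check added:     " + allowedOnReadOnly(handlers));
    }
}
```

Iterating over the full procedure list, rather than over the handlers that happen to be registered, means a newly added mutating procedure fails the audit until it is covered.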