Stephen Chu created HDFS-6767:
---------------------------------
Summary: Cannot remove directory within encryption zone to Trash
Key: HDFS-6767
URL: https://issues.apache.org/jira/browse/HDFS-6767
Project: Hadoop HDFS
Issue Type: Sub-task
Components: security
Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
Reporter: Stephen Chu
Currently, users that want to remove an encrypted directory using the FsShell
remove commands need to skip the trash.
If users try to remove an encrypted directory while Trash is enabled, they will
see the following error:
{code}
[hdfs@schu-enc2 ~]$ hdfs dfs -rm -r /user/hdfs/enc
2014-07-29 13:47:28,799 INFO [main] hdfs.DFSClient (DFSClient.java:<init>(604)) - Found KeyProvider: KeyProviderCryptoExtension: jceks://file@/home/hdfs/hadoop-data/test.jks
2014-07-29 13:47:29,563 INFO [main] fs.TrashPolicyDefault (TrashPolicyDefault.java:initialize(92)) - Namenode trash configuration: Deletion interval = 1440 minutes, Emptier interval = 0 minutes.
rm: Failed to move to trash: hdfs://schu-enc2.vpc.com:8020/user/hdfs/enc. Consider using -skipTrash option
{code}
This is because the encrypted dir cannot be moved from an encryption zone, as
the NN log explains:
{code}
2014-07-29 13:47:29,596 INFO [IPC Server handler 8 on 8020] ipc.Server (Server.java:run(2120)) - IPC Server handler 8 on 8020, call org.apache.hadoop.hdfs.protocol.ClientProtocol.rename from 172.25.3.153:48295 Call#9 Retry#0
java.io.IOException: /user/hdfs/enc can't be moved from an encryption zone.
	at org.apache.hadoop.hdfs.server.namenode.EncryptionZoneManager.checkMoveValidity(EncryptionZoneManager.java:175)
	at org.apache.hadoop.hdfs.server.namenode.FSDirectory.unprotectedRenameTo(FSDirectory.java:526)
	at org.apache.hadoop.hdfs.server.namenode.FSDirectory.renameTo(FSDirectory.java:440)
	at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.renameToInternal(FSNamesystem.java:3593)
	at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.renameToInt(FSNamesystem.java:3555)
	at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.renameTo(FSNamesystem.java:3522)
	at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.rename(NameNodeRpcServer.java:727)
	at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.rename(ClientNamenodeProtocolServerSideTranslatorPB.java:542)
	at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
	at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:607)
	at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:932)
	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2099)
	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2095)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:415)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1626)
	at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2093)
{code}
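The failure reported above, as an added example that is not part of the original report and not Hadoop's code: a simplified Python model of why a trash-enabled `-rm` turns into a rename that crosses the encryption zone boundary. It assumes the default trash layout `/user/<user>/.Trash/Current/<original path>` and that `/user/hdfs/enc` is the zone root; the function names and all messages except the "moved from" one in the NN log are hypothetical.

```python
import posixpath

def zone_of(path, zones):
    """Return the deepest zone root that contains path, or None."""
    path = posixpath.normpath(path)
    best = None
    for zone in zones:
        zone = posixpath.normpath(zone)
        # Match on whole path components so /a/enc does not contain /a/encrypted.
        inside = path == zone or path.startswith(zone.rstrip("/") + "/")
        if inside and (best is None or len(zone) > len(best)):
            best = zone
    return best

def trash_target(path, user):
    """Where a trash-enabled delete renames the path to (assumed default layout)."""
    return posixpath.normpath("/user/%s/.Trash/Current%s" % (user, posixpath.normpath(path)))

def check_move(src, dst, zones):
    """Model of the rename check: return None if allowed, else the refusal reason."""
    src_zone, dst_zone = zone_of(src, zones), zone_of(dst, zones)
    if src_zone == dst_zone:
        return None  # both outside any zone, or both inside the same zone
    if src_zone and not dst_zone:
        return "%s can't be moved from an encryption zone." % src  # wording from the NN log
    if dst_zone and not src_zone:
        return "%s can't be moved into an encryption zone." % src  # assumed wording
    return "%s can't be moved between encryption zones." % src     # assumed wording

def trash_blocked(path, user, zones):
    """Reason a trash-enabled delete of path would be refused, or None."""
    return check_move(path, trash_target(path, user), zones)

if __name__ == "__main__":
    zones = ["/user/hdfs/enc"]  # constructed sample, mirroring the path in the report
    for p in ["/user/hdfs/enc", "/user/hdfs/enc/part-0", "/user/hdfs/plain"]:
        print(p, "->", trash_blocked(p, "hdfs", zones) or "trash move allowed")
```

Fed the real zone list, the same check tells an operator ahead of time which deletes will need `-skipTrash` and will therefore bypass trash retention.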