Github user vanzin commented on a diff in the pull request:
https://github.com/apache/spark/pull/17495#discussion_r111215096
--- Diff:
core/src/main/scala/org/apache/spark/deploy/history/FsHistoryProvider.scala ---
@@ -320,14 +321,35 @@ private[history] class FsHistoryProvider(conf:
SparkConf, clock: Clock)
.filter { entry =>
try {
val prevFileSize =
fileToAppInfo.get(entry.getPath()).map{_.fileSize}.getOrElse(0L)
+
+ def canAccess = {
+ val perm = entry.getPermission
+ val ugi = UserGroupInformation.getCurrentUser
+ val user = ugi.getShortUserName
+ val groups = ugi.getGroupNames
+ if (user == entry.getOwner &&
perm.getUserAction.implies(FsAction.READ)) {
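Review bot: the owner test on the last visible line folds the identity match and the READ bit into a single condition (`user == entry.getOwner && perm.getUserAction.implies(FsAction.READ)`), so an owner whose user bits lack READ gets no decision here and is evaluated by whatever branch follows. Let the owner match select the permission class on its own, for example `if (user == entry.getOwner) perm.getUserAction.implies(FsAction.READ) else ...`, and consult `groups` only when the user is not the owner.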
--- End diff --
This code is not correct. The code in Hadoop's
`FileSystem.checkAccessPermissions` is slightly different and actually correct.
For example, if you have a file with permissions `066` and your user
matches the owner, you do not have permission to read the file, even if you
belong to a group that has permissions to read it. Your code allows that user
to read that file.
e.g.
```
$ sudo ls -la /tmp/test
total 132
d---rwxrwx 2 vanzin vanzin 4096 Abr 12 10:30 .
drwxrwxrwt 78 root root 126976 Abr 12 10:30 ..
$ ls /tmp/test
ls: cannot open directory '/tmp/test': Permission denied
```
There's also an issue with superusers (they should always have
permissions), but then the Hadoop library also has that problem, so maybe we
can ignore that one.
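The owner/group/other rule described in the comment above, as an added example that is not part of the original comment or of the Spark pull request. It is a plain-Scala model with no Hadoop dependency; `FileMeta`, `Caller`, both function names and the sample users are assumptions made for illustration, and `canReadAnyMatch` models the behaviour the comment describes rather than reproducing the PR's code.

```scala
// Added example: models POSIX-style class selection for a READ check.
// All types, names and sample principals here are constructed for illustration.
object ReadAccessCheck {
  final case class FileMeta(owner: String, group: String, mode: Int) // low nine permission bits
  final case class Caller(user: String, groups: Set[String])

  private val Read = 4 // the r bit inside one rwx triplet

  private def ownerBits(mode: Int): Int = (mode >> 6) & 7
  private def groupBits(mode: Int): Int = (mode >> 3) & 7
  private def otherBits(mode: Int): Int = mode & 7

  /** Flawed shape: any class that happens to grant READ lets the caller in. */
  def canReadAnyMatch(f: FileMeta, c: Caller): Boolean =
    if (c.user == f.owner && (ownerBits(f.mode) & Read) != 0) true
    else if (c.groups.contains(f.group) && (groupBits(f.mode) & Read) != 0) true
    else (otherBits(f.mode) & Read) != 0

  /** Correct shape: the first matching class (owner, group, other) decides alone.
    * Superuser bypass is deliberately not modelled. */
  def canReadFirstMatch(f: FileMeta, c: Caller): Boolean = {
    val bits =
      if (c.user == f.owner) ownerBits(f.mode)
      else if (c.groups.contains(f.group)) groupBits(f.mode)
      else otherBits(f.mode)
    (bits & Read) != 0
  }

  def main(args: Array[String]): Unit = {
    // Scala has no octal literals, so parse the mode from the comment's example.
    val mode066 = Integer.parseInt("066", 8)
    val file = FileMeta(owner = "vanzin", group = "vanzin", mode = mode066)

    val callers = Seq(
      "owner" -> Caller("vanzin", Set("vanzin")),       // owns the file, also in its group
      "group member" -> Caller("alice", Set("vanzin")), // constructed user
      "other" -> Caller("bob", Set("staff"))            // constructed user
    )
    for ((name, c) <- callers) {
      val any = canReadAnyMatch(file, c)
      val first = canReadFirstMatch(file, c)
      println(f"$name%-12s anyMatch=$any%-5s firstMatch=$first")
    }
  }
}
```

Only the owner row differs between the two functions: with mode `066` the any-match version admits the owner through the group bits, while the first-match version denies the owner and still admits the group member and other users.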