[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047098#comment-14047098 ] Hudson commented on HDFS-6556: -- FAILURE: Integrated in Hadoop-Yarn-trunk #598 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/598/]) HDFS-6556. Refine XAttr permissions. Contributed by Uma Maheswara Rao G. (umamahesh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1606320) * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/fs/XAttr.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSShell.java Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Fix For: 3.0.0, 2.5.0 Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch, refinedPermissions-HDFS-6556-3.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047129#comment-14047129 ] Hudson commented on HDFS-6556: -- FAILURE: Integrated in Hadoop-Hdfs-trunk #1789 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1789/]) HDFS-6556. Refine XAttr permissions. Contributed by Uma Maheswara Rao G. (umamahesh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1606320) * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/fs/XAttr.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSShell.java Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Fix For: 3.0.0, 2.5.0 Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch, refinedPermissions-HDFS-6556-3.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14046824#comment-14046824 ] Hudson commented on HDFS-6556: -- SUCCESS: Integrated in Hadoop-trunk-Commit #5795 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/5795/]) HDFS-6556. Refine XAttr permissions. Contributed by Uma Maheswara Rao G. (umamahesh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1606320) * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/fs/XAttr.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSShell.java Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch, refinedPermissions-HDFS-6556-3.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14046884#comment-14046884 ] Hudson commented on HDFS-6556: -- FAILURE: Integrated in Hadoop-Mapreduce-trunk #1815 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1815/]) HDFS-6556. Refine XAttr permissions. Contributed by Uma Maheswara Rao G. (umamahesh: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1606320) * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/fs/XAttr.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSShell.java Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Fix For: 3.0.0, 2.5.0 Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch, refinedPermissions-HDFS-6556-3.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14045922#comment-14045922 ] Hadoop QA commented on HDFS-6556: - {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12652803/refinedPermissions-HDFS-6556-3.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.hdfs.server.namenode.TestNameNodeHttpServer {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/7239//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/7239//console This message is automatically generated. Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch, refinedPermissions-HDFS-6556-3.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14046055#comment-14046055 ] Uma Maheswara Rao G commented on HDFS-6556: --- Above test failure should be unrelated to this patch. Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch, refinedPermissions-HDFS-6556-3.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14043365#comment-14043365 ] Uma Maheswara Rao G commented on HDFS-6556: --- Thanks a lot, Yi for the review. [~andrew.wang] or [~cnauroth] , do you want to take a look ? If any of you +1, I can go for commit. Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14043753#comment-14043753 ] Chris Nauroth commented on HDFS-6556: - Hi, [~umamaheswararao]. The patch looks good. I have one minor suggestion. I see this code block is repeated in {{FSNamesystem#setXAttrInt}} and {{FSNamesystem#removeXAttr}}: {code} if (isPermissionEnabled xAttr.getNameSpace() == XAttr.NameSpace.USER) { if (isStickyBitDirectory(src)) { if (!pc.isSuperUser()) { checkOwner(pc, src); } } else { checkPathAccess(pc, src, FsAction.WRITE); } } {code} We could remove the {{isStickyBitDirectory}} method and instead add a method named something like {{checkXAttrChangeAccess}} that fully encapsulates all of the above logic. This would reduce code duplication. What do you think? Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14042659#comment-14042659 ] Hadoop QA commented on HDFS-6556: - {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12652235/refinedPermissions-HDFS-6556-2.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.hdfs.TestCrcCorruption {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/7226//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/7226//console This message is automatically generated. Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14042951#comment-14042951 ] Yi Liu commented on HDFS-6556: -- Thanks Uma for the update, it's OK for me. BTW, the test failure is not related. Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14040120#comment-14040120 ] Hadoop QA commented on HDFS-6556: - {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12651853/RefinedPermissions-HDFS-6556.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.hdfs.TestBlockReaderFactory org.apache.hadoop.hdfs.server.namenode.snapshot.TestXAttrWithSnapshot {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/7202//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/7202//console This message is automatically generated. Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14040169#comment-14040169 ] Uma Maheswara Rao G commented on HDFS-6556: --- TestXAttrWithSnapshot failure is related to this patch. I will fix it in next patch! Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14040226#comment-14040226 ] Hadoop QA commented on HDFS-6556: - {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12651880/RefinedPermissions-HDFS-6556-1.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 1.3.9) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.TestGenericRefresh org.apache.hadoop.hdfs.server.namenode.TestCacheDirectives {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/7204//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/7204//console This message is automatically generated. Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[ https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14040346#comment-14040346 ] Yi Liu commented on HDFS-6556: -- Thanks Uma, nice work. Then for user and trusted namespace xattrs, they are in line with linux. I have two small comments: {code} -FSPermissionChecker pc = getPermissionChecker(); -XAttrPermissionFilter.checkPermissionForApi(pc, xAttr); +final FSPermissionChecker pc = isPermissionEnabled ? getPermissionChecker() +: null; +if (pc != null) { + XAttrPermissionFilter.checkPermissionForApi(pc, xAttr); +} {code} I think we don't need this modification. {{getPermissionChecker()}} will always create a {{FSPermissionChecker}}, even without permission enabled, it can be used to check the super. Then it's in line with other places in {{FSNameSystem}} where {{FSPermissionChecker pc = getPermissionChecker();}} is used. {code} -if (xAttr.getNameSpace() == XAttr.NameSpace.USER || -(xAttr.getNameSpace() == XAttr.NameSpace.TRUSTED -pc.isSuperUser())) { +if (xAttr.getNameSpace() == XAttr.NameSpace.USER) { return; } + +if(xAttr.getNameSpace() == XAttr.NameSpace.TRUSTED){ + pc.checkSuperuserPrivilege(); + return; +} {code} This may be not necessary, indeed {{pc.checkSuperuserPrivilege()}} will check the super and throw exception, but the exception is not clear, I'd prefer original one. Refine XAttr permissions Key: HDFS-6556 URL: https://issues.apache.org/jira/browse/HDFS-6556 Project: Hadoop HDFS Issue Type: Bug Components: namenode Affects Versions: 2.5.0 Reporter: Yi Liu Assignee: Uma Maheswara Rao G Attachments: RefinedPermissions-HDFS-6556-1.patch, RefinedPermissions-HDFS-6556.patch After discuss with Uma, we should refine setting permissions of {{user}} and {{trusted}} namespace xattrs. *1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should require the user to be the owner of the file or directory, we have a bit misunderstanding. It actually is: {quote} The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes. {quote} We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35 I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky). *2.* For {{trusted}} namespace, currently we require the user should be owner and superuser. Actually superuser is enough. -- This message was sent by Atlassian JIRA (v6.2#6252)