[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047098#comment-14047098
]
Hudson commented on HDFS-6556:
--
FAILURE: Integrated in Hadoop-Yarn-trunk #598 (See
[https://builds.apache.org/job/Hadoop-Yarn-trunk/598/])
HDFS-6556. Refine XAttr permissions. Contributed by Uma Maheswara Rao G.
(umamahesh:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1606320)
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/fs/XAttr.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSShell.java
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Fix For: 3.0.0, 2.5.0
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch,
refinedPermissions-HDFS-6556-3.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14047129#comment-14047129
]
Hudson commented on HDFS-6556:
--
FAILURE: Integrated in Hadoop-Hdfs-trunk #1789 (See
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1789/])
HDFS-6556. Refine XAttr permissions. Contributed by Uma Maheswara Rao G.
(umamahesh:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1606320)
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/fs/XAttr.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSShell.java
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Fix For: 3.0.0, 2.5.0
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch,
refinedPermissions-HDFS-6556-3.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14046824#comment-14046824
]
Hudson commented on HDFS-6556:
--
SUCCESS: Integrated in Hadoop-trunk-Commit #5795 (See
[https://builds.apache.org/job/Hadoop-trunk-Commit/5795/])
HDFS-6556. Refine XAttr permissions. Contributed by Uma Maheswara Rao G.
(umamahesh:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1606320)
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/fs/XAttr.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSShell.java
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch,
refinedPermissions-HDFS-6556-3.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14046884#comment-14046884
]
Hudson commented on HDFS-6556:
--
FAILURE: Integrated in Hadoop-Mapreduce-trunk #1815 (See
[https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1815/])
HDFS-6556. Refine XAttr permissions. Contributed by Uma Maheswara Rao G.
(umamahesh:
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVNview=revrev=1606320)
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/fs/XAttr.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/XAttrPermissionFilter.java
*
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSShell.java
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Fix For: 3.0.0, 2.5.0
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch,
refinedPermissions-HDFS-6556-3.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14045922#comment-14045922
]
Hadoop QA commented on HDFS-6556:
-
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12652803/refinedPermissions-HDFS-6556-3.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in
hadoop-hdfs-project/hadoop-hdfs:
org.apache.hadoop.hdfs.server.namenode.TestNameNodeHttpServer
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/7239//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/7239//console
This message is automatically generated.
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch,
refinedPermissions-HDFS-6556-3.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14046055#comment-14046055
]
Uma Maheswara Rao G commented on HDFS-6556:
---
Above test failure should be unrelated to this patch.
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch,
refinedPermissions-HDFS-6556-3.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14043365#comment-14043365
]
Uma Maheswara Rao G commented on HDFS-6556:
---
Thanks a lot, Yi for the review.
[~andrew.wang] or [~cnauroth] , do you want to take a look ? If any of you +1,
I can go for commit.
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14043753#comment-14043753
]
Chris Nauroth commented on HDFS-6556:
-
Hi, [~umamaheswararao]. The patch looks good. I have one minor suggestion. I
see this code block is repeated in {{FSNamesystem#setXAttrInt}} and
{{FSNamesystem#removeXAttr}}:
{code}
if (isPermissionEnabled xAttr.getNameSpace() == XAttr.NameSpace.USER) {
if (isStickyBitDirectory(src)) {
if (!pc.isSuperUser()) {
checkOwner(pc, src);
}
} else {
checkPathAccess(pc, src, FsAction.WRITE);
}
}
{code}
We could remove the {{isStickyBitDirectory}} method and instead add a method
named something like {{checkXAttrChangeAccess}} that fully encapsulates all of
the above logic. This would reduce code duplication. What do you think?
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14042659#comment-14042659
]
Hadoop QA commented on HDFS-6556:
-
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12652235/refinedPermissions-HDFS-6556-2.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in
hadoop-hdfs-project/hadoop-hdfs:
org.apache.hadoop.hdfs.TestCrcCorruption
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/7226//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/7226//console
This message is automatically generated.
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14042951#comment-14042951
]
Yi Liu commented on HDFS-6556:
--
Thanks Uma for the update, it's OK for me.
BTW, the test failure is not related.
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch, refinedPermissions-HDFS-6556-2.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14040120#comment-14040120
]
Hadoop QA commented on HDFS-6556:
-
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12651853/RefinedPermissions-HDFS-6556.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in
hadoop-hdfs-project/hadoop-hdfs:
org.apache.hadoop.hdfs.TestBlockReaderFactory
org.apache.hadoop.hdfs.server.namenode.snapshot.TestXAttrWithSnapshot
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/7202//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/7202//console
This message is automatically generated.
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14040169#comment-14040169
]
Uma Maheswara Rao G commented on HDFS-6556:
---
TestXAttrWithSnapshot failure is related to this patch. I will fix it in next
patch!
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14040226#comment-14040226
]
Hadoop QA commented on HDFS-6556:
-
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12651880/RefinedPermissions-HDFS-6556-1.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in
hadoop-hdfs-project/hadoop-hdfs:
org.apache.hadoop.TestGenericRefresh
org.apache.hadoop.hdfs.server.namenode.TestCacheDirectives
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/7204//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/7204//console
This message is automatically generated.
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HDFS-6556) Refine XAttr permissions
[
https://issues.apache.org/jira/browse/HDFS-6556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14040346#comment-14040346
]
Yi Liu commented on HDFS-6556:
--
Thanks Uma, nice work. Then for user and trusted namespace xattrs, they are in
line with linux.
I have two small comments:
{code}
-FSPermissionChecker pc = getPermissionChecker();
-XAttrPermissionFilter.checkPermissionForApi(pc, xAttr);
+final FSPermissionChecker pc = isPermissionEnabled ? getPermissionChecker()
+: null;
+if (pc != null) {
+ XAttrPermissionFilter.checkPermissionForApi(pc, xAttr);
+}
{code}
I think we don't need this modification. {{getPermissionChecker()}} will always
create a {{FSPermissionChecker}}, even without permission enabled, it can be
used to check the super. Then it's in line with other places in
{{FSNameSystem}} where {{FSPermissionChecker pc = getPermissionChecker();}} is
used.
{code}
-if (xAttr.getNameSpace() == XAttr.NameSpace.USER ||
-(xAttr.getNameSpace() == XAttr.NameSpace.TRUSTED
-pc.isSuperUser())) {
+if (xAttr.getNameSpace() == XAttr.NameSpace.USER) {
return;
}
+
+if(xAttr.getNameSpace() == XAttr.NameSpace.TRUSTED){
+ pc.checkSuperuserPrivilege();
+ return;
+}
{code}
This may be not necessary, indeed {{pc.checkSuperuserPrivilege()}} will check
the super and throw exception, but the exception is not clear, I'd prefer
original one.
Refine XAttr permissions
Key: HDFS-6556
URL: https://issues.apache.org/jira/browse/HDFS-6556
Project: Hadoop HDFS
Issue Type: Bug
Components: namenode
Affects Versions: 2.5.0
Reporter: Yi Liu
Assignee: Uma Maheswara Rao G
Attachments: RefinedPermissions-HDFS-6556-1.patch,
RefinedPermissions-HDFS-6556.patch
After discuss with Uma, we should refine setting permissions of {{user}} and
{{trusted}} namespace xattrs.
*1.* For {{user}} namespace xattrs, In HDFS-6374, says setXAttr should
require the user to be the owner of the file or directory, we have a bit
misunderstanding. It actually is:
{quote}
The access permissions for user attributes are defined by the file permission
bits. only regular files and directories can have extended attributes. For
sticky directories, only the owner and privileged user can write attributes.
{quote}
We can refer to linux source code in
http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for
regular files and directories (not sticky).
*2.* For {{trusted}} namespace, currently we require the user should be owner
and superuser. Actually superuser is enough.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
