[jira] [Comment Edited] (HADOOP-14768) Honoring sticky bit during Deletion when authorization is enabled in WASB
[ https://issues.apache.org/jira/browse/HADOOP-14768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16178910#comment-16178910 ] Varada Hemeswari edited comment on HADOOP-14768 at 9/25/17 12:03 PM: - Addressed comments from [~tmarquardt]. Separated delete paths for authorization enabled and disabled flows in [^HADOOP-14768.006.patch] was (Author: vahemesw): addressed comments from [~tmarquardt]. Seperated delete paths for authorization enabled and disabled flows. > Honoring sticky bit during Deletion when authorization is enabled in WASB > - > > Key: HADOOP-14768 > URL: https://issues.apache.org/jira/browse/HADOOP-14768 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/azure >Reporter: Varada Hemeswari >Assignee: Varada Hemeswari > Labels: fs, secure, wasb > Attachments: HADOOP-14768.001.patch, HADOOP-14768.002.patch, > HADOOP-14768.003.patch, HADOOP-14768.003.patch, HADOOP-14768.004.patch, > HADOOP-14768.004.patch, HADOOP-14768.005.patch, HADOOP-14768.006.patch > > > When authorization is enabled in WASB filesystem, there is a need for > stickybit in cases where multiple users can create files under a shared > directory. This additional check for sticky bit is reqired since any user can > delete another user's file because the parent has WRITE permission for all > users. > The purpose of this jira is to implement sticky bit equivalent for 'delete' > call when authorization is enabled. > Note : Sticky bit implementation for 'Rename' operation is not done as part > of this JIRA -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HADOOP-14768) Honoring sticky bit during Deletion when authorization is enabled in WASB
[ https://issues.apache.org/jira/browse/HADOOP-14768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16175142#comment-16175142 ] Varada Hemeswari edited comment on HADOOP-14768 at 9/21/17 5:26 PM: [~tmarquardt], I agree to the risk of performance and functionality. We are already considering sticky bit only if authorization is enabled. So I think adding another flag is unnecesary. Please note that the changes not only add sticky bit but also change semantics of delete when authorization is enabled.( introducing partial delete whereas previously failure of single auth check used to halt entire delete).These required the changes you pointed out, that may actually cause performance to degrade. So seperate flag for stickybit may not be that useful. I will also be working on rename as soon as this patch is committed making this the base for stickybit. I can make changes such that if authorization is not enabled, delete will continue along the previous legacy path or else the new changes will take effect. Let me know if this works. was (Author: vahemesw): [~tmarq], I agree to the risk of performance and functionality. We are already considering sticky bit only if authorization is enabled. So I think adding another flag is unnecesary. Please note that the changes not only add sticky bit but also change semantics of delete when authorization is enabled.( introducing partial delete whereas previously failure of single auth check used to halt entire delete).These required the changes you pointed out, that may actually cause performance to regress. So seperate flag for stickybit may not be that useful. I can make changes such that if authorization is not enabled, delete will continue along the previous legacy path or else the new changes will take effect. Let me know if this works. > Honoring sticky bit during Deletion when authorization is enabled in WASB > - > > Key: HADOOP-14768 > URL: https://issues.apache.org/jira/browse/HADOOP-14768 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/azure >Reporter: Varada Hemeswari >Assignee: Varada Hemeswari > Labels: fs, secure, wasb > Attachments: HADOOP-14768.001.patch, HADOOP-14768.002.patch, > HADOOP-14768.003.patch, HADOOP-14768.003.patch, HADOOP-14768.004.patch, > HADOOP-14768.004.patch > > > When authorization is enabled in WASB filesystem, there is a need for > stickybit in cases where multiple users can create files under a shared > directory. This additional check for sticky bit is reqired since any user can > delete another user's file because the parent has WRITE permission for all > users. > The purpose of this jira is to implement sticky bit equivalent for 'delete' > call when authorization is enabled. > Note : Sticky bit implementation for 'Rename' operation is not done as part > of this JIRA -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Comment Edited] (HADOOP-14768) Honoring sticky bit during Deletion when authorization is enabled in WASB
[ https://issues.apache.org/jira/browse/HADOOP-14768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16173143#comment-16173143 ] Steve Loughran edited comment on HADOOP-14768 at 9/20/17 1:07 PM: -- To submit a patch you need to # add a new file: the most recent file added is always taken to be the patch # hit "cancel patch" # hit "submit path" # wait The build is [in Jenkins|https://builds.apache.org/view/H-L/view/Hadoop/job/PreCommit-HADOOP-Build/] if you want to see what's going on Note: you must add a new file; cancel & submit isn't enough to trigger a job. You can just re-attach the previous file was (Author: ste...@apache.org): To submit a patch you need to # add a new file: the most recent file added is always taken to be the patch # hit "cancel patch" # hit "submit path" # wait The build is [in Jenkins|https://builds.apache.org/view/H-L/view/Hadoop/job/PreCommit-HADOOP-Build/] if you want to see what's going on > Honoring sticky bit during Deletion when authorization is enabled in WASB > - > > Key: HADOOP-14768 > URL: https://issues.apache.org/jira/browse/HADOOP-14768 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/azure >Reporter: Varada Hemeswari >Assignee: Varada Hemeswari > Labels: fs, secure, wasb > Attachments: HADOOP-14768.001.patch, HADOOP-14768.002.patch, > HADOOP-14768.003.patch, HADOOP-14768.003.patch, HADOOP-14768.004.patch > > > When authorization is enabled in WASB filesystem, there is a need for > stickybit in cases where multiple users can create files under a shared > directory. This additional check for sticky bit is reqired since any user can > delete another user's file because the parent has WRITE permission for all > users. > The purpose of this jira is to implement sticky bit equivalent for 'delete' > call when authorization is enabled. > Note : Sticky bit implementation for 'Rename' operation is not done as part > of this JIRA -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
