[jira] [Commented] (HDFS-15540) Directories protected from delete can still be moved to the trash
[ https://issues.apache.org/jira/browse/HDFS-15540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17185627#comment-17185627 ] Wei-Chiu Chuang commented on HDFS-15540: Committed to trunk and branch-3.3. For branch-3.2 and below they miss HDFS-14802 and HDFS-15243 and won't cherry pick cleanly. > Directories protected from delete can still be moved to the trash > - > > Key: HDFS-15540 > URL: https://issues.apache.org/jira/browse/HDFS-15540 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode >Affects Versions: 3.4.0 >Reporter: Stephen O'Donnell >Assignee: Stephen O'Donnell >Priority: Major > Attachments: HDFS-15540.001.patch > > > With HDFS-8983, HDFS-14802 and HDFS-15243 we are able to list protected > directories which cannot be deleted or renamed, provided the following is set: > fs.protected.directories: > dfs.protected.subdirectories.enable: true > Testing this feature out, I can see it mostly works fine, but protected > non-empty folders can still be moved to the trash. In this example > /dir/protected is set in fs.protected.directories, and > dfs.protected.subdirectories.enable is true. > {code} > hadoop fs -ls -R /dir > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir1 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir1/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir2 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir2/file1 > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected/subdir1 > rm: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected/subdir1 > /dir/protected/subdir1-moved > mv: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > ** ALL GOOD SO FAR ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected/subdir1 > 2020-08-26 16:54:32,404 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected/subdir1' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected/subdir1 > ** It moved the protected sub-dir to the trash, where it will be deleted ** > ** Checking the top level dir, it is the same ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected > rm: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected /dir/protected-new > mv: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected > 2020-08-26 16:55:32,402 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected1598460932388 > {code} > The reason for this, seems to be that "move to trash" uses a different rename > method in FSNameSystem and FSDirRenameOp which avoids the > DFSUtil.checkProtectedDescendants(...) in the earlier Jiras. > I believe that "move to trash" should be protected in the same way as a > -skipTrash delete. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-15540) Directories protected from delete can still be moved to the trash
[ https://issues.apache.org/jira/browse/HDFS-15540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17185620#comment-17185620 ] Wei-Chiu Chuang commented on HDFS-15540: +1 nice catch. Committing the 001 patch. > Directories protected from delete can still be moved to the trash > - > > Key: HDFS-15540 > URL: https://issues.apache.org/jira/browse/HDFS-15540 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode >Affects Versions: 3.4.0 >Reporter: Stephen O'Donnell >Assignee: Stephen O'Donnell >Priority: Major > Attachments: HDFS-15540.001.patch > > > With HDFS-8983, HDFS-14802 and HDFS-15243 we are able to list protected > directories which cannot be deleted or renamed, provided the following is set: > fs.protected.directories: > dfs.protected.subdirectories.enable: true > Testing this feature out, I can see it mostly works fine, but protected > non-empty folders can still be moved to the trash. In this example > /dir/protected is set in fs.protected.directories, and > dfs.protected.subdirectories.enable is true. > {code} > hadoop fs -ls -R /dir > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir1 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir1/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir2 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir2/file1 > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected/subdir1 > rm: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected/subdir1 > /dir/protected/subdir1-moved > mv: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > ** ALL GOOD SO FAR ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected/subdir1 > 2020-08-26 16:54:32,404 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected/subdir1' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected/subdir1 > ** It moved the protected sub-dir to the trash, where it will be deleted ** > ** Checking the top level dir, it is the same ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected > rm: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected /dir/protected-new > mv: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected > 2020-08-26 16:55:32,402 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected1598460932388 > {code} > The reason for this, seems to be that "move to trash" uses a different rename > method in FSNameSystem and FSDirRenameOp which avoids the > DFSUtil.checkProtectedDescendants(...) in the earlier Jiras. > I believe that "move to trash" should be protected in the same way as a > -skipTrash delete. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-15540) Directories protected from delete can still be moved to the trash
[ https://issues.apache.org/jira/browse/HDFS-15540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17185532#comment-17185532 ] Fei Hui commented on HDFS-15540: [~sodonnell] Good catch! It looks good! > Directories protected from delete can still be moved to the trash > - > > Key: HDFS-15540 > URL: https://issues.apache.org/jira/browse/HDFS-15540 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode >Affects Versions: 3.4.0 >Reporter: Stephen O'Donnell >Assignee: Stephen O'Donnell >Priority: Major > Attachments: HDFS-15540.001.patch > > > With HDFS-8983, HDFS-14802 and HDFS-15243 we are able to list protected > directories which cannot be deleted or renamed, provided the following is set: > fs.protected.directories: > dfs.protected.subdirectories.enable: true > Testing this feature out, I can see it mostly works fine, but protected > non-empty folders can still be moved to the trash. In this example > /dir/protected is set in fs.protected.directories, and > dfs.protected.subdirectories.enable is true. > {code} > hadoop fs -ls -R /dir > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir1 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir1/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir2 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir2/file1 > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected/subdir1 > rm: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected/subdir1 > /dir/protected/subdir1-moved > mv: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > ** ALL GOOD SO FAR ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected/subdir1 > 2020-08-26 16:54:32,404 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected/subdir1' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected/subdir1 > ** It moved the protected sub-dir to the trash, where it will be deleted ** > ** Checking the top level dir, it is the same ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected > rm: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected /dir/protected-new > mv: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected > 2020-08-26 16:55:32,402 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected1598460932388 > {code} > The reason for this, seems to be that "move to trash" uses a different rename > method in FSNameSystem and FSDirRenameOp which avoids the > DFSUtil.checkProtectedDescendants(...) in the earlier Jiras. > I believe that "move to trash" should be protected in the same way as a > -skipTrash delete. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-15540) Directories protected from delete can still be moved to the trash
[ https://issues.apache.org/jira/browse/HDFS-15540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17185498#comment-17185498 ] Hadoop QA commented on HDFS-15540: -- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 1m 26s{color} | {color:blue} Docker mode activated. {color} | || || || || {color:brown} Prechecks {color} || | {color:green}+1{color} | {color:green} dupname {color} | {color:green} 0m 0s{color} | {color:green} No case conflicting files found. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 1 new or modified test files. {color} | || || || || {color:brown} trunk Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 26m 33s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 43s{color} | {color:green} trunk passed with JDK Ubuntu-11.0.8+10-post-Ubuntu-0ubuntu118.04.1 {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 35s{color} | {color:green} trunk passed with JDK Private Build-1.8.0_265-8u265-b01-0ubuntu2~18.04-b01 {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 59s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 42s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 20m 40s{color} | {color:green} branch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 9s{color} | {color:green} trunk passed with JDK Ubuntu-11.0.8+10-post-Ubuntu-0ubuntu118.04.1 {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 42s{color} | {color:green} trunk passed with JDK Private Build-1.8.0_265-8u265-b01-0ubuntu2~18.04-b01 {color} | | {color:blue}0{color} | {color:blue} spotbugs {color} | {color:blue} 3m 59s{color} | {color:blue} Used deprecated FindBugs config; considering switching to SpotBugs. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m 56s{color} | {color:green} trunk passed {color} | || || || || {color:brown} Patch Compile Tests {color} || | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 31s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 42s{color} | {color:green} the patch passed with JDK Ubuntu-11.0.8+10-post-Ubuntu-0ubuntu118.04.1 {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 1m 42s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 1m 32s{color} | {color:green} the patch passed with JDK Private Build-1.8.0_265-8u265-b01-0ubuntu2~18.04-b01 {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 1m 32s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 50s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 30s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 17m 18s{color} | {color:green} patch has no errors when building and testing our client artifacts. {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 4s{color} | {color:green} the patch passed with JDK Ubuntu-11.0.8+10-post-Ubuntu-0ubuntu118.04.1 {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 28s{color} | {color:green} the patch passed with JDK Private Build-1.8.0_265-8u265-b01-0ubuntu2~18.04-b01 {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m 52s{color} | {color:green} the patch passed {color} | || || || || {color:brown} Other Tests {color} || | {color:red}-1{color} | {color:red} unit {color} | {color:red}143m 50s{color} | {color:red} hadoop-hdfs in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 1m 10s{color} | {color:green} The patch does not generate ASF License warnings. {color} | |
[jira] [Commented] (HDFS-15540) Directories protected from delete can still be moved to the trash
[ https://issues.apache.org/jira/browse/HDFS-15540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17185390#comment-17185390 ] Stephen O'Donnell commented on HDFS-15540: -- [~ferhui] you worked on HDFS-14802 - would you like to check this one too? > Directories protected from delete can still be moved to the trash > - > > Key: HDFS-15540 > URL: https://issues.apache.org/jira/browse/HDFS-15540 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode >Affects Versions: 3.4.0 >Reporter: Stephen O'Donnell >Assignee: Stephen O'Donnell >Priority: Major > Attachments: HDFS-15540.001.patch > > > With HDFS-8983, HDFS-14802 and HDFS-15243 we are able to list protected > directories which cannot be deleted or renamed, provided the following is set: > fs.protected.directories: > dfs.protected.subdirectories.enable: true > Testing this feature out, I can see it mostly works fine, but protected > non-empty folders can still be moved to the trash. In this example > /dir/protected is set in fs.protected.directories, and > dfs.protected.subdirectories.enable is true. > {code} > hadoop fs -ls -R /dir > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir1 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir1/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir2 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir2/file1 > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected/subdir1 > rm: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected/subdir1 > /dir/protected/subdir1-moved > mv: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > ** ALL GOOD SO FAR ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected/subdir1 > 2020-08-26 16:54:32,404 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected/subdir1' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected/subdir1 > ** It moved the protected sub-dir to the trash, where it will be deleted ** > ** Checking the top level dir, it is the same ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected > rm: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected /dir/protected-new > mv: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected > 2020-08-26 16:55:32,402 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected1598460932388 > {code} > The reason for this, seems to be that "move to trash" uses a different rename > method in FSNameSystem and FSDirRenameOp which avoids the > DFSUtil.checkProtectedDescendants(...) in the earlier Jiras. > I believe that "move to trash" should be protected in the same way as a > -skipTrash delete. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-15540) Directories protected from delete can still be moved to the trash
[ https://issues.apache.org/jira/browse/HDFS-15540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17185386#comment-17185386 ] Stephen O'Donnell commented on HDFS-15540: -- I will post a patch for this shortly. Here is the output with my patch in place: {code:java} // SAME AS BEFORE [hdfs@09d47d85a75a /]$ hadoop fs -rm -r -f -skipTrash /dir/protected/subdir1 rm: Cannot delete/rename subdirectory under protected subdirectory /dir/protected // MOVE TO TRASH NOW FAILS - which is what we want [hdfs@09d47d85a75a /]$ hadoop fs -rm -r -f /dir/protected/subdir1 rm: Failed to move to trash: hdfs://nn1/dir/protected/subdir1: Cannot delete/rename subdirectory under protected subdirectory /dir/protected [hdfs@09d47d85a75a /]$ hadoop fs -rm -r -f /dir/protected rm: Failed to move to trash: hdfs://nn1/dir/protected: Cannot delete/rename non-empty protected directory /dir/protected {code} > Directories protected from delete can still be moved to the trash > - > > Key: HDFS-15540 > URL: https://issues.apache.org/jira/browse/HDFS-15540 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode >Affects Versions: 3.4.0 >Reporter: Stephen O'Donnell >Assignee: Stephen O'Donnell >Priority: Major > > With HDFS-8983, HDFS-14802 and HDFS-15243 we are able to list protected > directories which cannot be deleted or renamed, provided the following is set: > fs.protected.directories: > dfs.protected.subdirectories.enable: true > Testing this feature out, I can see it mostly works fine, but protected > non-empty folders can still be moved to the trash. In this example > /dir/protected is set in fs.protected.directories, and > dfs.protected.subdirectories.enable is true. > {code} > hadoop fs -ls -R /dir > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir1 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir1/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir2 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir2/file1 > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected/subdir1 > rm: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected/subdir1 > /dir/protected/subdir1-moved > mv: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > ** ALL GOOD SO FAR ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected/subdir1 > 2020-08-26 16:54:32,404 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected/subdir1' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected/subdir1 > ** It moved the protected sub-dir to the trash, where it will be deleted ** > ** Checking the top level dir, it is the same ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected > rm: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected /dir/protected-new > mv: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected > 2020-08-26 16:55:32,402 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected1598460932388 > {code} > The reason for this, seems to be that "move to trash" uses a different rename > method in FSNameSystem and FSDirRenameOp which avoids the > DFSUtil.checkProtectedDescendants(...) in the earlier Jiras. > I believe that "move to trash" should be protected in the same way as a > -skipTrash delete. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Commented] (HDFS-15540) Directories protected from delete can still be moved to the trash
[ https://issues.apache.org/jira/browse/HDFS-15540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17185380#comment-17185380 ] Ayush Saxena commented on HDFS-15540: - Thanx [~sodonnell] for the report, It makes sense, we shouldn't allow moving to trash as well > Directories protected from delete can still be moved to the trash > - > > Key: HDFS-15540 > URL: https://issues.apache.org/jira/browse/HDFS-15540 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode >Affects Versions: 3.4.0 >Reporter: Stephen O'Donnell >Assignee: Stephen O'Donnell >Priority: Major > > With HDFS-8983, HDFS-14802 and HDFS-15243 we are able to list protected > directories which cannot be deleted or renamed, provided the following is set: > fs.protected.directories: > dfs.protected.subdirectories.enable: true > Testing this feature out, I can see it mostly works fine, but protected > non-empty folders can still be moved to the trash. In this example > /dir/protected is set in fs.protected.directories, and > dfs.protected.subdirectories.enable is true. > {code} > hadoop fs -ls -R /dir > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir1 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir1/file1 > drwxr-xr-x - hdfs supergroup 0 2020-08-26 16:52 /dir/protected/subdir2 > -rw-r--r-- 3 hdfs supergroup 174 2020-08-26 16:52 /dir/protected/subdir2/file1 > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected/subdir1 > rm: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected/subdir1 > /dir/protected/subdir1-moved > mv: Cannot delete/rename subdirectory under protected subdirectory > /dir/protected > ** ALL GOOD SO FAR ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected/subdir1 > 2020-08-26 16:54:32,404 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected/subdir1' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected/subdir1 > ** It moved the protected sub-dir to the trash, where it will be deleted ** > ** Checking the top level dir, it is the same ** > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f -skipTrash /dir/protected > rm: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -mv /dir/protected /dir/protected-new > mv: Cannot delete/rename non-empty protected directory /dir/protected > [hdfs@7d67ed1af9b0 /]$ hadoop fs -rm -r -f /dir/protected > 2020-08-26 16:55:32,402 INFO fs.TrashPolicyDefault: Moved: > 'hdfs://nn1/dir/protected' to trash at: > hdfs://nn1/user/hdfs/.Trash/Current/dir/protected1598460932388 > {code} > The reason for this, seems to be that "move to trash" uses a different rename > method in FSNameSystem and FSDirRenameOp which avoids the > DFSUtil.checkProtectedDescendants(...) in the earlier Jiras. > I believe that "move to trash" should be protected in the same way as a > -skipTrash delete. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org