Posted to issues@ozone.apache.org by "Shashikant Banerjee (Jira)" <ji...@apache.org> on 2021/08/03 04:42:00 UTC

[jira] [Comment Edited] (HDDS-4335) No user access checks in Ozone FS

    [ https://issues.apache.org/jira/browse/HDDS-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17391956#comment-17391956 ] 

Shashikant Banerjee edited comment on HDDS-4335 at 8/3/21, 4:41 AM:
--------------------------------------------------------------------

The issue is very specific to Ozone FS, not ozone shell. The FS interface needs to translate hadoop/hdfs native acls to Ozone native acls to make it replicate the behaviour similar to what hdfs does. This will specifically come into the picture when we try replication using "distcp" from an hdfs cluster to an ozone cluster where you want to preserve the permissions/acls during the replication flow.

It's not an issue, I agree, as per the current design, but an improvement for such requirements.


was (Author: shashikant):
The issue is very specific to Ozone FS, not ozone shell. The Fs interface needs to translate hadoop native acls to Ozone native acls to make it replicate the behaviour similar to what hdfs does. This will specifically come into the picture when we try replication using "distcp" from an hdfs cluster to an ozone cluster where you want to preserve the permissions/acls during the replication flow.

It's not an issue, I agree, as per the current design, but an improvement for such requirements.

> No user access checks in Ozone FS
> ---------------------------------
>
>                 Key: HDDS-4335
>                 URL: https://issues.apache.org/jira/browse/HDDS-4335
>             Project: Apache Ozone
>          Issue Type: Improvement
>            Reporter: Shashikant Banerjee
>            Assignee: Neil Joshi
>            Priority: Major
>
> Currently, a dir/file created with hdfs user can be deleted by any user.
> {code:java}
> [sbanerjee@vd1308 MapReduce-Performance_Testing-master]$ sudo -u hdfs ozone fs -mkdir o3fs://bucket1.vol1.ozone1/data/sandbox/poc/teragen
> [sbanerjee@vd1308 MapReduce-Performance_Testing-master]$ sudo -u hdfs ozone fs -ls o3fs://bucket1.vol1.ozone1/data/sandbox/poc/teragen
> [sbanerjee@vd1308 MapReduce-Performance_Testing-master]$ sudo -u hdfs ozone fs -ls o3fs://bucket1.vol1.ozone1/data/sandbox/poc/
> Found 1 items
> drwxrwxrwx   - hdfs hdfs          0 2020-10-12 02:51 o3fs://bucket1.vol1.ozone1/data/sandbox/poc/teragen
> [sbanerjee@vd1308 MapReduce-Performance_Testing-master]$ 
> [sbanerjee@vd1308 MapReduce-Performance_Testing-master]$ 
> [sbanerjee@vd1308 MapReduce-Performance_Testing-master]$ 
> [sbanerjee@vd1308 MapReduce-Performance_Testing-master]$ ozone fs -rm -r o3fs://bucket1.vol1.ozone1/data/sandbox/poc/
> 20/10/12 02:52:16 INFO Configuration.deprecation: io.bytes.per.checksum is deprecated. Instead, use dfs.bytes-per-checksum
> 20/10/12 02:52:16 INFO ozone.BasicOzoneFileSystem: Move to trash is disabled for o3fs, deleting instead: o3fs://bucket1.vol1.ozone1/data/sandbox/poc. Files or directories will NOT be retained in trash. Ignore the following TrashPolicyDefault message, if any.
> 20/10/12 02:52:16 INFO fs.TrashPolicyDefault: Moved: 'o3fs://bucket1.vol1.ozone1/data/sandbox/poc' to trash at: /.Trash/sbanerjee/Current/data/sandbox/poc1602496336480
> [sbanerjee@vd1308 MapReduce-Performance_Testing-master]$ sudo -u hdfs ozone fs -ls o3fs://bucket1.vol1.ozone1/data/sandbox/poc/
> ls: `o3fs://bucket1.vol1.ozone1/data/sandbox/poc/': No such file or directory
> {code}
> Whereas, the same sequence fails with permission denied error in HDFS.


