You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Bikas Saha (JIRA)" <ji...@apache.org> on 2012/11/07 05:26:13 UTC

[jira] [Commented] (HADOOP-9006) Winutils should keep Administrators privileges intact

    [ https://issues.apache.org/jira/browse/HADOOP-9006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13492109#comment-13492109 ] 

Bikas Saha commented on HADOOP-9006:
------------------------------------

Havent gone through the patch but a thing to keep in mind would be to avoid appending new data to the ACL objects on files/folders or we may end up filling up the allowed space and then failing subsequent operations. I have encountered this problem in some other project so thought would mention it.
                
> Winutils should keep Administrators privileges intact
> -----------------------------------------------------
>
>                 Key: HADOOP-9006
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9006
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 1-win
>            Reporter: Chuan Liu
>            Assignee: Chuan Liu
>            Priority: Minor
>             Fix For: 1-win
>
>         Attachments: HADOOP-9006-branch-1-win.patch
>
>
> This issue was originally discovered by [~ivanmi]. Cite his words as follows.
> {quote}
> Current by design behavior is for winutils to ACL the folders only for the user passed in thru chmod/chown. This causes some un-natural side effects in cases where Hadoop services run in the context of a non-admin user. For example, Administrators on the box will no longer be able to:
>  - delete files created in the context of Hadoop services (other users)
>  - check the size of the folder where HDFS blocks are stored
> {quote}
> In my opinion, it is natural for some special accounts on Windows to be able to access all the folders, including Hadoop folders. This is similar to Linux in the way root users on Linux can always access any directories regardless the permissions set the those directories.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira