Posted to common-issues@hadoop.apache.org by "Xiaoyu Yao (Jira)" <ji...@apache.org> on 2020/02/25 17:36:00 UTC

[jira] [Commented] (HADOOP-16885) Encryption zone file copy failure leaks temp file ._COPYING_ and wrapped stream

    [ https://issues.apache.org/jira/browse/HADOOP-16885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17044689#comment-17044689 ] 

Xiaoyu Yao commented on HADOOP-16885:
-------------------------------------

Repro steps (Thanks Olivér Dózsa)
kinit as hdfs
Try to copy to encrypted zone directory
hdfs dfs -cp /tmp/kms_text_file.txt /kms_test/encrypted_dirs/test_dir/kms_text_file.txt
Observe that user hdfs doesn't have permission to decrypt EEK. (as expected)
On HDP 3.1.5.0-152, the following can be seen:
     Failed to close file: /kms_test/encrypted_dirs/test_dir/kms_text_file.txt._COPYING_ with inode: 18159
     org.apache.hadoop.ipc.RemoteException(java.io.FileNotFoundException): File does not exist: /kms_test/encrypted_dirs/test_dir/kms_text_file.txt._COPYING_ (inode 18159) Holder DFSClient_NONMAPREDUCE_1857410465_1 does not have any open files.
Execute
hdfs dfs -ls /kms_test/encrypted_dirs/test_dir/
and observe there's *no* kms_text_file.txt._COPYING_ file present.

On HDP 7.1.0.1000-7, no error message can be seen.
Execute
hdfs dfs -ls /kms_test/encrypted_dirs/test_dir/
and observe there's a kms_text_file.txt._COPYING_ file present.

kinit as user1 (kinit -k -t /home/hrt_qa/hadoopqa/keytabs/user1.headless.keytab user1)
Try to copy file to encrypted directory again
hdfs dfs -cp /tmp/kms_text_file.txt /kms_test/encrypted_dirs/test_dir/kms_text_file.txt
The following happens:
On HDP 3.1.5.0-152 it succeeds, no error message is shown.
On HDP 7.1.0.1000-7 the operation fails with
cp: Permission denied: user=user1, access=WRITE, inode="/kms_test/encrypted_dirs/test_dir/kms_text_file.txt._COPYING_":hdfs:hdfs:-rw-r--r--
Expected behavior
Step 5. should succeed. No file with _COPYING_ suffix should be created when user with no permission tries to copy to a restricted directory.

> Encryption zone file copy failure leaks temp file ._COPYING_ and wrapped stream
> -------------------------------------------------------------------------------
>
>                 Key: HADOOP-16885
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16885
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 3.3.0
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>
> Copy file into encryption on trunk with HADOOP-16490 caused a leaking temp file _COPYING_ left and potential wrapped stream unclosed. This ticket is opened to track the fix for it.
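
An audit for the leftover described in the comment above, as an added example that is not part of the original message or of Hadoop: it scans `hdfs dfs -ls -R` output for ._COPYING_ temp files and marks those that would block a given user's next copy. The function names, the BLOCKS/OK labels and the sample listing are constructed for illustration; group membership is not resolved, so only the owner and the other-write bit are checked.

```shell
#!/usr/bin/env bash
# Added example (not Hadoop code): flag leftover ._COPYING_ temp files in a listing.

# Constructed sample of `hdfs dfs -ls -R` output. Paths and the hdfs:hdfs
# -rw-r--r-- owner/mode come from the report; sizes and dates are made up.
sample_listing() {
  cat <<'EOF'
Found 4 items
drwxr-xr-x   - hdfs  hdfs          0 2020-02-25 17:30 /kms_test/encrypted_dirs/test_dir
-rw-r--r--   3 hdfs  hdfs          0 2020-02-25 17:30 /kms_test/encrypted_dirs/test_dir/kms_text_file.txt._COPYING_
-rw-r--r--   3 user1 hdfs       2048 2020-02-25 17:10 /kms_test/encrypted_dirs/test_dir/other.txt
-rw-r--r--   3 user1 hdfs        512 2020-02-25 17:35 /kms_test/encrypted_dirs/test_dir/report.csv._COPYING_
EOF
}

# find_leaked_copying USER
# Reads a listing on stdin and prints "<status> <owner> <mode> <path>" for every
# regular file whose name ends in ._COPYING_.
#   BLOCKS: owned by someone else and not other-writable, so USER's copy to the
#           same target fails with "Permission denied ... access=WRITE"
#   OK:     USER owns it (or it is other-writable) and can overwrite it
find_leaked_copying() {
  awk -v user="$1" '
    # Regular files only: mode starts with "-". Skips "Found N items" and dirs.
    $1 ~ /^-/ && NF >= 8 {
      path = $8
      # Paths may contain spaces; rejoin the remaining fields (runs of spaces
      # collapse to one, which is acceptable for an audit report).
      for (i = 9; i <= NF; i++) path = path " " $i
      if (path !~ /\._COPYING_$/) next
      other_w = substr($1, 9, 1)          # write bit of the "other" triplet
      status = ($3 != user && other_w != "w") ? "BLOCKS" : "OK"
      printf "%s %s %s %s\n", status, $3, $1, path
    }'
}

# Demo on the constructed listing; on a cluster, pipe real output instead:
#   hdfs dfs -ls -R /kms_test/encrypted_dirs | find_leaked_copying user1
sample_listing | find_leaked_copying user1
```

A BLOCKS entry that is not an in-progress copy has to be removed by its owner or an administrator before the affected user can copy to that target again.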


