You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Robert Chansler (JIRA)" <ji...@apache.org> on 2009/09/25 23:45:16 UTC
[jira] Updated: (HADOOP-4268) Permission checking in fsck
[ https://issues.apache.org/jira/browse/HADOOP-4268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Chansler updated HADOOP-4268:
------------------------------------
Release Note: Fsck now checks permissions as directories are traversed. Any user can now use fsck, but information is provided only for directories the user has permission to read. (was: Add permission checking on fsck. Before the changes, fsck invokes NameNode internal methods directly. So that any user can run fsck on any path, even for the path they do not have permission to access the files. After the changes, fsck invokes the ClientProtocol methods. Then the corresponding permission requirement for running the ClientProtocol methods will be enforced.)
Editorial pass over all release notes prior to publication of 0.21.
> Permission checking in fsck
> ---------------------------
>
> Key: HADOOP-4268
> URL: https://issues.apache.org/jira/browse/HADOOP-4268
> Project: Hadoop Common
> Issue Type: New Feature
> Affects Versions: 0.17.2
> Reporter: Koji Noguchi
> Assignee: Tsz Wo (Nicholas), SZE
> Fix For: 0.21.0
>
> Attachments: 4268_20081217.patch, 4268_20081218.patch, 4268_20081218b.patch, 4268_20081230.patch
>
>
> Quoting from HADOOP-3222 ("fsck should require superuser privilege"),
> bq. I agree that it makes sense to make fsck do permission checking for the nodes that it traverses. If a user does a fsck on files/directories that he/she has access to (using permissions) then that invocation of fsck should be allowed. Since "/" is usually owned by super-user, only super-user should be allowed to run fsck on "/".
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.