You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-issues@hadoop.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2023/05/21 11:40:00 UTC

[jira] [Commented] (HDFS-16983) Whether checking path access permissions should be decided by dfs.permissions.enabled in concat operation

    [ https://issues.apache.org/jira/browse/HDFS-16983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17724627#comment-17724627 ] 

ASF GitHub Bot commented on HDFS-16983:
---------------------------------------

Hexiaoqiao commented on code in PR #5561:
URL: https://github.com/apache/hadoop/pull/5561#discussion_r1199749665


##########
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirConcatOp.java:
##########
@@ -121,7 +121,7 @@ private static INodeFile[] verifySrcFiles(FSDirectory fsd, String[] srcs,
     for(String src : srcs) {
       final INodesInPath iip = fsd.resolvePath(pc, src, DirOp.WRITE);
       // permission check for srcs
-      if (pc != null) {
+      if (fsd.isPermissionEnabled()) {

Review Comment:
   `if (fsd.isPermissionEnabled())` should be `if (pc != null && fsd.isPermissionEnabled())` here?





> Whether checking path access permissions should be decided by dfs.permissions.enabled in concat operation
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-16983
>                 URL: https://issues.apache.org/jira/browse/HDFS-16983
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 3.4.0
>            Reporter: caozhiqiang
>            Assignee: caozhiqiang
>            Priority: Major
>              Labels: pull-request-available
>
> In concat RPC, it will call FSDirConcatOp::verifySrcFiles() to check the source files. In this function, it would make permission check for srcs. Whether do the permission check should be decided by dfs.permissions.enabled configuration. And the 'pc' parameter is always not null.
> So we should change 'if (pc != null)' to 'if (fsd.isPermissionEnabled())'.
> {code:java}
> // permission check for srcs
> if (pc != null) {
>   fsd.checkPathAccess(pc, iip, FsAction.READ); // read the file
>   fsd.checkParentAccess(pc, iip, FsAction.WRITE); // for delete
> } 
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org