hadoop-common-issues mailing list archives

From "Chuan Liu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-9006) Winutils should keep Administrators privileges intact
Date Wed, 07 Nov 2012 02:04:12 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-9006?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Chuan Liu updated HADOOP-9006:

    Attachment: HADOOP-9006-branch-1-win.patch

Attach a patch.

We made the following two changes for chmod and chown respectively:

1) For 'chmod', we will give Administrator, SYSTEM, file creator full permission, and inheritable (OI, CI). One exception is if Administrator or System account set permission itself. In this case, we will set the permission according to the instruction instead of giving them full permission as in the default setting.

2) For 'chown', we will get the old Unix permission, and set the ownership, then re-apply the old Unix permission to the new file owner. This differs greatly from the previous version. In the previous version, we would go through the DACL list and alter each entry belonging to the old owner in the list to the new owner.

> Winutils should keep Administrators privileges intact
> -----------------------------------------------------
>                 Key: HADOOP-9006
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9006
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 1-win
>            Reporter: Chuan Liu
>            Assignee: Chuan Liu
>            Priority: Minor
>             Fix For: 1-win
>         Attachments: HADOOP-9006-branch-1-win.patch
> This issue was originally discovered by [~ivanmi]. Cite his words as follows.
> {quote}
> Current by design behavior is for winutils to ACL the folders only for the user passed in thru chmod/chown. This causes some un-natural side effects in cases where Hadoop services run in the context of a non-admin user. For example, Administrators on the box will no longer be able to:
>  - delete files created in the context of Hadoop services (other users)
>  - check the size of the folder where HDFS blocks are stored
> {quote}
> In my opinion, it is natural for some special accounts on Windows to be able to access all the folders, including Hadoop folders. This is similar to Linux in the way root users on Linux can always access any directories regardless of the permissions set on those directories.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
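
A way to audit a directory for the chmod behaviour described in the comment above, added here as an example and not part of the original message or of winutils: it parses `icacls` output and reports whether Administrators and SYSTEM hold an allow ACE with full control and (OI)(CI) inheritance. The path, the `HOST\hadoop` account and both listings are constructed sample data.

```python
import re

# Principals the comment says chmod keeps at full permission. The file
# creator is also named there but is host-specific, so it is not checked.
REQUIRED = (r"BUILTIN\Administrators", r"NT AUTHORITY\SYSTEM")
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(output, path):
    """Return {principal: [set of flags per ACE]} for one `icacls <path>` listing."""
    aces = {}
    for i, line in enumerate(output.splitlines()):
        if i == 0 and line.startswith(path):
            line = line[len(path):]          # first ACE shares a line with the path
        m = ACE_RE.match(line.strip())
        if not m:
            continue                         # blank line or "Successfully processed" trailer
        flags = set(re.findall(r"\(([^)]*)\)", m.group("flags")))
        aces.setdefault(m.group("who"), []).append(flags)
    return aces

def missing_admin_access(output, path):
    """List required principals without an allow, full-control, (OI)(CI) ACE."""
    aces = parse_icacls(output, path)
    missing = []
    for who in REQUIRED:
        # (IO) ACEs apply only to children, (DENY) ACEs grant nothing.
        ok = any({"OI", "CI", "F"} <= f and not ({"DENY", "IO"} & f)
                 for f in aces.get(who, []))
        if not ok:
            missing.append(who)
    return missing

PATH = r"C:\hadoop\hdfs\data"                # constructed path

# Constructed listing: folder ACL'd only for the user passed to chmod/chown.
BEFORE = PATH + " HOST\\hadoop:(F)\n\nSuccessfully processed 1 files; Failed processing 0 files\n"

# Constructed listing: ACL as the comment describes it after the change.
AFTER = r"""C:\hadoop\hdfs\data BUILTIN\Administrators:(OI)(CI)(F)
                    NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                    HOST\hadoop:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for name, listing in (("before", BEFORE), ("after", AFTER)):
        print(name, "missing:", missing_admin_access(listing, PATH))
```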
