hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sivaguru Sankaridurg (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14820) Wasb mkdirs security checks inconsistent with HDFS
Date Fri, 01 Sep 2017 10:36:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16150349#comment-16150349

Sivaguru Sankaridurg commented on HADOOP-14820:

patch 006 :- {{testMkdirsWithExistingHierarchyCheckPositive2}} does not seem right. childPath3
has already been created.
Later when childPath3 is created again, it won't go up two levels .. it will be a no-op.

The modifications to the test, to do what you intended is below:


  public void testMkdirsWithExistingHierarchyCheckPositive2() throws Throwable {

    Path testPath = new Path("/testMkdirsWithExistingHierarchyCheckPositive2");
    Path childPath1 = new Path(testPath, "1");
    Path childPath2 = new Path(childPath1, "2");
    Path childPath3 = new Path(childPath2, "3");

        WasbAuthorizationOperations.WRITE.toString(), true);

        WasbAuthorizationOperations.WRITE.toString(), true);


    try {
      ContractTestUtils.assertIsDirectory(fs, childPath1);

      // Path already exists => no-op.
      ContractTestUtils.assertIsDirectory(fs, testPath);

      // Path already exists => no-op.
      ContractTestUtils.assertIsDirectory(fs, childPath1);

      // Check permissions against existing ancestor childPath1
      ContractTestUtils.assertIsDirectory(fs, childPath3);
    finally {
      allowRecursiveDelete(fs, testPath.toString());
      fs.delete(testPath, true);


> Wasb mkdirs security checks inconsistent with HDFS
> --------------------------------------------------
>                 Key: HADOOP-14820
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14820
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs/azure
>    Affects Versions: 2.8.1
>            Reporter: Sivaguru Sankaridurg
>            Assignee: Sivaguru Sankaridurg
>              Labels: azure, fs, secure, wasb
>         Attachments: HADOOP-14820.001.patch, HADOOP-14820.002.patch, HADOOP-14820.003.patch,
HADOOP-14820.004.patch, HADOOP-14820.005.patch, HADOOP-14820-006.patch
> No authorization checks should be made when a user tries to create (mkdirs -p) an existing
folder hierarchy.
> For example, if we start with _/home/hdiuser/prefix_ pre-created, and do the following
operations, the results should be as shown below.
> {noformat}
> hdiuser@hn0-0d2f67:~$ sudo chown root:root prefix
> hdiuser@hn0-0d2f67:~$ sudo chmod 555 prefix
> hdiuser@hn0-0d2f67:~$ ls -l
> dr-xr-xr-x 3 root    root      4096 Aug 29 08:25 prefix
> hdiuser@hn0-0d2f67:~$ mkdir -p /home
> hdiuser@hn0-0d2f67:~$ mkdir -p /home/hdiuser
> hdiuser@hn0-0d2f67:~$ mkdir -p /home/hdiuser/prefix
> hdiuser@hn0-0d2f67:~$ mkdir -p /home/hdiuser/prefix/1
> mkdir: cannot create directory â/home/hdiuser/prefix/1â: Permission denied
> The first three mkdirs succeed, because the ancestor is already present. The fourth one
fails because of a permission check against the (shorter) ancestor (as compared to the path
being created).
> {noformat}

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message