[ https://issues.apache.org/jira/browse/HADOOP-8731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13455944#comment-13455944 ]

Ivan Mitic commented on HADOOP-8731:
------------------------------------

{quote}Can you please clarify the following scenario so that other folks 
reading this thread have it easy?
Directory A (perm for user Foo) contains directory B (perm for Everyone)
So contents of A will be private cache and contents of B will be public cache 
on Windows but not on Linux.
{quote}
Correct. 

The issue we are trying to mitigate on Windows comes from the default 
permissions. Specifically, default permissions in terms of the Unix mask map to 
"700" on Windows. This means that by default "others" (EVERYONE group) do not 
have "r+x" permissions. This further means that, if we have a path 
"c:\some\path\file1" and a user wants to upload "file1" to the public 
distributed cache he has to change the permissions on the whole drive to do so. 
Now, to make the scenario more "Windows friendly", we only require the user to 
change the permissions on "file1" to make it public (more precisely, to give 
the EVERYONE group read permissions on "file1").

On Unix systems, given that default permissions are usually "775" or "755", the 
scenario is completely opposite.
                
> Public distributed cache support for Windows
> --------------------------------------------
>
>                 Key: HADOOP-8731
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8731
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: filecache
>            Reporter: Ivan Mitic
>            Assignee: Ivan Mitic
>         Attachments: HADOOP-8731-PublicCache.patch
>
>
> A distributed cache file is considered public (sharable between MR jobs) if 
> OTHER has read permissions on the file and +x permissions all the way up in 
> the folder hierarchy. By default, Windows permissions are mapped to "700" all 
> the way up to the drive letter, and it is unreasonable to ask users to change 
> the permission on the whole drive to make the file public. IOW, it is hardly 
> possible to have public distributed cache on Windows. 
> To enable the scenario and make it more "Windows friendly", the criteria on 
> when a file is considered public should be relaxed. One proposal is to check 
> whether the user has given EVERYONE group permission on the file only (and 
> discard the +x check on parent folders).
> Security considerations for the proposal: Default permissions on Unix 
> platforms are usually "775" or "755" meaning that OTHER users can read and 
> list folders by default. What this also means is that Hadoop users have to 
> explicitly make the files private in order to make them private in the 
> cluster (please correct me if this is not the case in real life!). On 
> Windows, default permissions are "700". This means that by default all files 
> are private. In the new model, if users want to make them public, they have 
> to explicitly add EVERYONE group permissions on the file. 
> TestTrackerDistributedCacheManager fails because of this issue.
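
The two visibility rules discussed in this thread, as an added example (not the HADOOP-8731 patch and not Hadoop's own code). The function names and the permission tables are constructed for illustration; the modes follow the "700" default, the c:\some\path\file1 path and the directory A / directory B scenario from the comment above.

```python
import stat
from pathlib import PurePosixPath, PureWindowsPath


def is_public_strict(path, modes):
    """Original rule: OTHER can read the file and has +x on every ancestor."""
    if not modes[path] & stat.S_IROTH:
        return False
    return all(modes[parent] & stat.S_IXOTH for parent in path.parents)


def is_public_relaxed(path, modes):
    """Proposed rule: OTHER (EVERYONE) can read the file; ancestors are ignored."""
    return bool(modes[path] & stat.S_IROTH)


# Constructed table: Windows defaults map to 700 up to the drive letter,
# and the user granted EVERYONE read on file1 only.
WINDOWS = {PureWindowsPath(p): m for p, m in {
    "c:\\": 0o700,
    "c:\\some": 0o700,
    "c:\\some\\path": 0o700,
    "c:\\some\\path\\file1": 0o704,
}.items()}
WIN_FILE = PureWindowsPath("c:\\some\\path\\file1")

# Constructed table: directory A is private to user Foo, directory B inside it
# is open to everyone; /srv/data shows the usual 755 defaults.
UNIX = {PurePosixPath(p): m for p, m in {
    "/": 0o755,
    "/A": 0o700,
    "/A/B": 0o755,
    "/A/B/data": 0o644,
    "/srv": 0o755,
    "/srv/data": 0o644,
}.items()}
NESTED = PurePosixPath("/A/B/data")
DEFAULT = PurePosixPath("/srv/data")

if __name__ == "__main__":
    for label, path, table in (("windows file1", WIN_FILE, WINDOWS),
                               ("A/B/data", NESTED, UNIX),
                               ("755 defaults", DEFAULT, UNIX)):
        print(label, "strict:", is_public_strict(path, table),
              "relaxed:", is_public_relaxed(path, table))
```

The A/B/data row is the case raised in the quoted question: the strict rule keeps it private because A blocks traversal, while the relaxed rule looks only at the file's own permission bits.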
