[jira] Updated: (HADOOP-4268) Permission checking in fsck

[Tsz Wo (Nicholas), SZE (JIRA)]

     [ 
https://issues.apache.org/jira/browse/HADOOP-4268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tsz Wo (Nicholas), SZE updated HADOOP-4268:
-------------------------------------------

    Fix Version/s: 0.21.0
         Assignee: Tsz Wo (Nicholas), SZE
     Release Note: Add permission checking on fsck.  Before the changes, fsck 
invokes NameNode internal methods directly.  So that any user can run fsck on 
any path, even for the path they do not have permission to access the files.  
After the changes, fsck invokes the ClientProtocol methods.  Then the 
corresponding permission requirement for running the ClientProtocol methods 
will be enforced.
     Hadoop Flags: [Incompatible change, Reviewed]
           Status: Patch Available  (was: Open)

{noformat}
     [exec] +1 overall.  
     [exec] 
     [exec]     +1 @author.  The patch does not contain any @author tags.
     [exec] 
     [exec]     +1 tests included.  The patch appears to include 6 new or 
modified tests.
     [exec] 
     [exec]     +1 javadoc.  The javadoc tool did not generate any warning 
messages.
     [exec] 
     [exec]     +1 javac.  The applied patch does not increase the total number 
of javac compiler warnings.
     [exec] 
     [exec]     +1 findbugs.  The patch does not introduce any new Findbugs 
warnings.
     [exec] 
     [exec]     +1 Eclipse classpath. The patch retains Eclipse classpath 
integrity.
{noformat}

> Permission checking in fsck
> ---------------------------
>
>                 Key: HADOOP-4268
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4268
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: dfs
>    Affects Versions: 0.17.2
>            Reporter: Koji Noguchi
>            Assignee: Tsz Wo (Nicholas), SZE
>             Fix For: 0.21.0
>
>         Attachments: 4268_20081217.patch, 4268_20081218.patch, 
> 4268_20081218b.patch, 4268_20081230.patch
>
>
> Quoting from HADOOP-3222 ("fsck should require superuser privilege"), 
> bq. I agree that it makes sense to make fsck do permission checking for the 
> nodes that it traverses. If a user does a fsck on files/directories that 
> he/she has access to (using permissions) then that invocation of fsck should 
> be allowed. Since "/" is usually owned by super-user, only super-user should 
> be allowed to run fsck on "/".

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.