I think this is the same problem related to this mail thread.
http://www.mail-archive.com/[EMAIL PROTECTED]/msg02759.html
A JIRA has been filed, please see HADOOP-2915.
On Fri, Mar 14, 2008 at 2:08 AM, Stefan Groschupf <[EMAIL PROTECTED]> wrote:
> Hi,
> any magic we can do with hadoop.dfs.umask? Or is there any other off
> switch for the file security?
> Thanks.
> Stefan
> On Mar 13, 2008, at 11:26 PM, Stefan Groschupf wrote:
>
> > Hi Nicholas, Hi All,
> >
> > I definitely can reproduce the problem Johannes describes.
> > Also from debugging through the code it is clearly a bug from my
> > point of view.
> > So this is the call stack:
> > SequenceFile.createWriter
> > FileSystem.create
> > DFSClient.create
> > namenode.create
> > In NameNode I found this:
> > namesystem.startFile(src,
> > new PermissionStatus(Server.getUserInfo().getUserName(),
> > null, masked),
> > clientName, clientMachine, overwrite, replication, blockSize);
> >
> > In getUserInfo is this comment:
> > // This is to support local calls (as opposed to rpc ones) to the
> > name-node.
> > // Currently it is name-node specific and should be placed
> > somewhere else.
> > try {
> > return UnixUserGroupInformation.login();
> > The login javaDoc says:
> > /**
> > * Get current user's name and the names of all its groups from Unix.
> > * It's assumed that there is only one UGI per user. If this user
> > already
> > * has a UGI in the ugi map, return the ugi in the map.
> > * Otherwise get the current user's information from Unix, store it
> > * in the map, and return it.
> > */
> >
> > Beside of that I had some interesting observations.
> > If I have permissions to write to a folder A I can delete folder A
> > and file B that is inside of folder A even if I do have no
> > permissions for B.
> >
> > Also I noticed following in my dfs
> > [EMAIL PROTECTED] hadoop]$ bin/hadoop fs -ls /user/joa23/
> > myApp-1205474968598
> > Found 1 items
> > /user/joa23/myApp-1205474968598/VOICE_CALL <dir> 2008-03-13
> 16:00
> > rwxr-xr-x hadoop supergroup
> > [EMAIL PROTECTED] hadoop]$ bin/hadoop fs -ls /user/joa23/
> > myApp-1205474968598/VOICE_CALL
> > Found 1 items
> > /user/joa23/myApp-1205474968598/VOICE_CALL/part-00000 <r 3> 27311
> > 2008-03-13 16:00 rw-r--r-- joa23 supergroup
> >
> > Do I miss something or was I able to write as user joa23 into a
> > folder owned by hadoop where I should have no permissions. :-O.
> > Should I open some jira issues?
> >
> > Stefan
> >
> >
> >
> >
> >
> > On Mar 13, 2008, at 10:55 AM, [EMAIL PROTECTED] wrote:
> >
> >> Hi Johannes,
> >>
> >>> i'm using the 0.16.0 distribution.
> >> I assume you mean the 0.16.0 release (
> http://hadoop.apache.org/core/releases.html
> >> ) without any additional patch.
> >>
> >> I just have tried it but cannot reproduce the problem you
> >> described. I did the following:
> >> 1) start a cluster with "tsz"
> >> 2) run a job with "nicholas"
> >>
> >> The output directory and files are owned by "nicholas". Am I doing
> >> the same thing you did? Could you try again?
> >>
> >> Nicholas
> >>
> >>
> >>> ----- Original Message ----
> >>> From: Johannes Zillmann <[EMAIL PROTECTED]>
> >>> To: core-user@hadoop.apache.org
> >>> Sent: Wednesday, March 12, 2008 5:47:27 PM
> >>> Subject: file permission problem
> >>>
> >>> Hi,
> >>>
> >>> i have a question regarding the file permissions.
> >>> I have a kind of workflow where i submit a job from my laptop to a
> >>> remote hadoop cluster.
> >>> After the job finished i do some file operations on the generated
> >>> output.
> >>> The "cluster-user" is different to the "laptop-user". As output i
> >>> specify a directory inside the users home. This output directory,
> >>> created through the map-reduce job has "cluster-user" permissions,
> >>> so
> >>> this does not allow me to move or delete the output folder with my
> >>> "laptop-user".
> >>>
> >>> So it looks as follow:
> >>> /user/jz/ rwxrwxrwx jz supergroup
> >>> /user/jz/output rwxr-xr-x hadoop supergroup
> >>>
> >>> I tried different things to achieve what i want (moving/deleting the
> >>> output folder):
> >>> - jobConf.setUser("hadoop") on the client side
> >>> - System.setProperty("user.name","hadoop") before jobConf
> >>> instantiation
> >>> on the client side
> >>> - add user.name node in the hadoop-site.xml on the client side
> >>> - setPermision(777) on the home folder on the client side (does
> >>> not work
> >>> recursiv)
> >>> - setPermision(777) on the output folder on the client side
> >>> (permission
> >>> denied)
> >>> - create the output folder before running the job (Output directory
> >>> already exists exception)
> >>>
> >>> None of the things i tried worked. Is there a way to achieve what
> >>> i want ?
> >>> Any ideas appreciated!
> >>>
> >>> cheers
> >>> Johannes
> >>>
> >>>
> >>>
> >>
> >>
> >> --
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> 101tec GmbH
> >>
> >> Halle (Saale), Saxony-Anhalt, Germany
> >> http://www.101tec.com
> >>
> >>
> >>
> >>
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > 101tec Inc.
> > Menlo Park, California, USA
> > http://www.101tec.com
> >
> >
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 101tec Inc.
> Menlo Park, California, USA
> http://www.101tec.com
>
>
>
