[jira] [Commented] (FALCON-1162) Cluster submit succeeds when staging HDFS dir does not have 777 (ALL) permission

[Sowmya Ramesh (JIRA)]

    [ 
https://issues.apache.org/jira/browse/FALCON-1162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14505869#comment-14505869
 ] 

Sowmya Ramesh commented on FALCON-1162:
---------------------------------------

[~me.venkatr]: After FALCON-753, ownership of the staging dir was changed to 
user submitting the feed. This change would enforce staging directory to have 
777 permissions. FALCON-910 broke this contract and doesn't check for exact 
permissions.

Did you test this after the change? Did the cluster submission fail if the 
staging dir had 755 perm?

>From the code, in the method checkPathOwnerAndPermission exactPerms is used to 
>determine if exact permission has to checked or not.
Patch you provided has false for exactPerms, this should be true as staging dir 
should have the exact 777 permission.

If true is passed , then !exactPerms code in checkPathOwnerAndPermission never 
executed and should be removed. Tagging [~cryptoe] to make sure this change 
will not break what was fixed in Falcon-910.

{noformat}
            if (exactPerms) {
                if (fileStatus.getPermission().toShort() != 
expectedPermission.toShort()) {
                    LOG.error(errorMessage);
                    throw new ValidationException(errorMessage);
                }
            } else {
                if (expectedPermission.getUserAction().ordinal() > 
fileStatus.getPermission().getUserAction()
                        .ordinal()) {
                    LOG.error(errorMessage + " at least");
                    throw new ValidationException(errorMessage + " at least");
                }
                if (expectedPermission.getGroupAction().ordinal() > 
fileStatus.getPermission().getGroupAction()
                        .ordinal()) {
                    LOG.error(errorMessage + " at least");
                    throw new ValidationException(errorMessage + " at least");
                }
                if (expectedPermission.getOtherAction().ordinal() > 
fileStatus.getPermission().getOtherAction()
                        .ordinal()) {
                    LOG.error(errorMessage + " at least");
                    throw new ValidationException(errorMessage + " at least");
                }
            }
{noformat}

When you submit a patch please use the format <BugNo.version.patch> for the 
patch file name. Also status should be moved to "Patch Available" from "Open" - 
you will have to click on "Submit Patch" to change the status so that others 
know patch is available.

> Cluster submit succeeds when staging HDFS dir does not have 777 (ALL) 
> permission 
> ---------------------------------------------------------------------------------
>
>                 Key: FALCON-1162
>                 URL: https://issues.apache.org/jira/browse/FALCON-1162
>             Project: Falcon
>          Issue Type: Bug
>          Components: common
>    Affects Versions: 0.6
>            Reporter: Venkat Ramachandran
>            Assignee: Venkat Ramachandran
>            Priority: Blocker
>             Fix For: 0.6.1
>
>         Attachments: patch-1162.1
>
>
> Staging HDFS dir specified in the cluster definition should have WORLD 
> WRITABLE permission. It seems Cluster entity submit used to validate this 
> condition in order to avoid further runtime failures. 
> But, this check had been reverted as part of the FALCON-910 commits (only 
> checks for 755) as below:
> ClusterEntityParser.java   
> {code}
>         checkPathOwnerAndPermission(cluster.getName(),  
> stagingLocation.getPath(), fs, HadoopClientFactory.READ_EXECUTE_PERMISSION, 
> false);
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)