[
https://issues.apache.org/jira/browse/HADOOP-2514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12555702#action_12555702
]
Hairong Kuang commented on HADOOP-2514:
---------------------------------------
>> treat move to trash slightly differently [ ... ]
>Making move-to-trash a special case would require changes to
>non-Trash-specific code. Rather, one could make the trash emptier to check
>that the trash owner has permission, keeping trash handling out of the
>filesystem's core.
It seems to me that moving an inode to the trash can should be treated
differently from moving an inode to somewhere else because moving to the trash
can is essentially a deletion operation. It's permission checking semantics is
different from that of a regular move. How can we keep it out of the
filesystem's core?
> Trash and permissions don't mix
> -------------------------------
>
> Key: HADOOP-2514
> URL: https://issues.apache.org/jira/browse/HADOOP-2514
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs
> Affects Versions: 0.16.0
> Reporter: Robert Chansler
> Fix For: 0.16.0
>
>
> Shell command "rm" is really "mv" to trash with the expectation that the
> server will at some point really delete the contents of trash. With the
> advent of permissions, a user can "mv" folders that the user cannot "rm". The
> present trash feature as implemented would allow the user to suborn the
> server into deleting a folder in violation of the permissions model.
> A related issue is that if anybody can mv a folder to the trash anybody else
> can mv that same folder from the trash. This may be contrary to the
> expectations of the user.
> What is a better model for trash?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
