[
https://issues.apache.org/jira/browse/HADOOP-2514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12555750#action_12555750
]
Sanjay Radia commented on HADOOP-2514:
--------------------------------------
>No, it's a rename. We shouldn't need to add "special" directories or other
>features to the filesystem to support trash.
Yes not having special behavior is good.
In all desktop systems, both "move to trash" and "cleanup trash" are user
operations.
In our case "trash cleanup" needs to be a superuser permission.
So we have to watch out for the case where one does not trick the super user
into deleting stuff.
Yes one can put special checks in the super user thead to to not delete things
that the original user
did not have permission to delete but all this thread can do is not delete it.
It will remain in the trashbin
forever. The user should have been notified when he did the original
delete/rename that he is not allowed
to delete/rename.
The problem is the asymmetry: delete rename bing done by user but trash recycle
being done by a super user thread. Also running the recycler in supersuer mode
is "kind of special behaviour".
> Trash and permissions don't mix
> -------------------------------
>
> Key: HADOOP-2514
> URL: https://issues.apache.org/jira/browse/HADOOP-2514
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs
> Affects Versions: 0.16.0
> Reporter: Robert Chansler
> Fix For: 0.16.0
>
>
> Shell command "rm" is really "mv" to trash with the expectation that the
> server will at some point really delete the contents of trash. With the
> advent of permissions, a user can "mv" folders that the user cannot "rm". The
> present trash feature as implemented would allow the user to suborn the
> server into deleting a folder in violation of the permissions model.
> A related issue is that if anybody can mv a folder to the trash anybody else
> can mv that same folder from the trash. This may be contrary to the
> expectations of the user.
> What is a better model for trash?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
