[jira] Issue Comment Edited: (HADOOP-2514) Trash and permissions don't mix

Fri, 04 Jan 2008 08:46:57 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-2514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12555751#action_12555751
 ] 

hairong edited comment on HADOOP-2514 at 1/4/08 8:45 AM:
---------------------------------------------------------------

> No, it's a rename.

If we treat trashing as a rename, it is possible to move user B's files into 
user A's trash can. For example, there is world-wide rwx directory called 
/user/A/shared owned by user A, under which user B creates a file dirB/fileB 
with a permission 755. User A trashing /user/A/shared will move file fileB to 
its trash can. Is this acceptable? How does fileB  get removed from the trash 
can? On the other hand, removing the same directory from a program is denied 
because of the permission violation. Is this permission semantics difference 
acceptable?

      was (Author: hairong):
    > No, it's a rename.

If we treat trashing as a rename, it is possible to move user B's files into 
user A's trash can. For example, there is world-wide rwx directory called 
/user/A/shared owned by user A, under which user A creates a file XX. User A 
trashing /user/A/shared will move file XX to its trash can. Is this acceptable? 
How does file XX get removed from the trash can? On the other hand, removing 
the same directory from a program is denied because of the permission 
violation. Is this permission semantics difference acceptable?
  
> Trash and permissions don't mix
> -------------------------------
>
>                 Key: HADOOP-2514
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2514
>             Project: Hadoop
>          Issue Type: New Feature
>          Components: dfs
>    Affects Versions: 0.16.0
>            Reporter: Robert Chansler
>             Fix For: 0.16.0
>
>
> Shell command "rm" is really "mv" to trash with the expectation that the 
> server will at some point really delete the contents of trash. With the 
> advent of permissions, a user can "mv" folders that the user cannot "rm". The 
> present trash feature as implemented would allow the user to suborn the 
> server into deleting a folder in violation of the permissions model.
> A related issue is that if anybody can mv a folder to the trash anybody else 
> can mv that same folder from the trash. This may be contrary to the 
> expectations of the user.
> What is a better model for trash?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to