[
https://issues.apache.org/jira/browse/HADOOP-2514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12556134#action_12556134
]
Hairong Kuang commented on HADOOP-2514:
---------------------------------------
> makes the NN aware of the special case for trash (ugly)).
I agree that NN aware of trash is not elegant, but I also see many advantages.
1. Trashing will be more efficent because no need to perform mutiple RPCs to
get the status of directories/files in the subtree and no need to to perform
rename RPCs for each file.
2. We are able to treat delete as delete not rename and therefore perform the
right permission checking.
3. Since files not owned by the user can not be move to the user's personal
trash can, no permission checking is needed when emptying trashbin and we can
allow the superuser to do it.
One idea in this line is to provide an API in the FileSystem interface "void
delete(Path path, boolean needTrash)", where the parameter needTrash indicates
if the file/directory will be move to a trashbin or be permanently removed.
This allows that programtically file deletion to get better protection by using
trashbin.
> Trash and permissions don't mix
> -------------------------------
>
> Key: HADOOP-2514
> URL: https://issues.apache.org/jira/browse/HADOOP-2514
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs
> Affects Versions: 0.16.0
> Reporter: Robert Chansler
> Fix For: 0.16.0
>
>
> Shell command "rm" is really "mv" to trash with the expectation that the
> server will at some point really delete the contents of trash. With the
> advent of permissions, a user can "mv" folders that the user cannot "rm". The
> present trash feature as implemented would allow the user to suborn the
> server into deleting a folder in violation of the permissions model.
> A related issue is that if anybody can mv a folder to the trash anybody else
> can mv that same folder from the trash. This may be contrary to the
> expectations of the user.
> What is a better model for trash?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
