[
https://issues.apache.org/jira/browse/HADOOP-2514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12556138#action_12556138
]
Doug Cutting commented on HADOOP-2514:
--------------------------------------
> Trashing will be more efficent
I think it is premature to optimize this, especially if that involves
complicating the namenode kernel.
> We are able to treat delete as delete not rename and therefore perform the
> right permission checking.
I'm confused by this. Moving something to the trash is not deleting it, it's
moving it. Don't we want folks to be able to move things out of the trash
again? So the trash needs to be a directory where the user can write things,
and that permission must be validated on move-to-trash. We might also check
some other things, like whether the user has the right to delete those files,
but that's just to keep folks from being surprised later if their trash isn't
actually deleted. Someone could still chmod something in the trash and get
into the same situation. To truly prevent that we'd need to make the trash
into some sort of special purgatory directory with behavior like no other, no?
> Trash and permissions don't mix
> -------------------------------
>
> Key: HADOOP-2514
> URL: https://issues.apache.org/jira/browse/HADOOP-2514
> Project: Hadoop
> Issue Type: New Feature
> Components: dfs
> Affects Versions: 0.16.0
> Reporter: Robert Chansler
> Fix For: 0.16.0
>
>
> Shell command "rm" is really "mv" to trash with the expectation that the
> server will at some point really delete the contents of trash. With the
> advent of permissions, a user can "mv" folders that the user cannot "rm". The
> present trash feature as implemented would allow the user to suborn the
> server into deleting a folder in violation of the permissions model.
> A related issue is that if anybody can mv a folder to the trash anybody else
> can mv that same folder from the trash. This may be contrary to the
> expectations of the user.
> What is a better model for trash?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
