[jira] [Commented] (HDFS-10324) Trash directory in an encryption zone should be pre-created with sticky bit

Mon, 25 Apr 2016 10:40:33 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-10324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15256666#comment-15256666
 ] 

Andrew Wang commented on HDFS-10324:
------------------------------------

I'm somewhat concerned about the compatibility issues of automatically creating 
the trash dir on {{createZone}}. It means a simple workflow like {{mkdir /ez; 
createZone /ez; rmdir /ez}} won't work anymore. It's also true though that this 
won't be that common, and if we don't create the .Trash dir, trash won't work 
out-of-the-box.

So overall I like Xiaoyu's proposal, except I would change #2 to only 
create/chmod if the .Trash dir doesn't exist. The trash might already be setup 
in a specific way by the admin. The error message can explain the manual steps, 
since it's not that complicated.

We can also improve the error message when EZ trash fails to refer users to the 
new "hdfs crypto -provisionTrash" command. Right now the error message is 
rather non-specific.

> Trash directory in an encryption zone should be pre-created with sticky bit
> ---------------------------------------------------------------------------
>
>                 Key: HDFS-10324
>                 URL: https://issues.apache.org/jira/browse/HDFS-10324
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption
>    Affects Versions: 2.8.0
>         Environment: CDH5.7.0
>            Reporter: Wei-Chiu Chuang
>            Assignee: Wei-Chiu Chuang
>         Attachments: HDFS-10324.001.patch, HDFS-10324.002.patch
>
>
> We encountered a bug in HDFS-8831:
> After HDFS-8831, a deleted file in an encryption zone is moved to a .Trash 
> subdirectory within the encryption zone.
> However, if this .Trash subdirectory is not created beforehand, it will be 
> created and owned by the first user who deleted a file, with permission 
> drwx------. This creates a serious bug because any other non-privileged user 
> will not be able to delete any files within the encryption zone, because they 
> do not have the permission to move directories to the trash directory.
> We should fix this bug, by pre-creating the .Trash directory with sticky bit.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to