[jira] [Commented] (HDFS-6165) "hdfs dfs -rm -r" is slightly different from the Unix "rm -r" for deleting an empty directory

Chris Nauroth (JIRA) Fri, 28 Mar 2014 16:48:06 -0700

    [ 
https://issues.apache.org/jira/browse/HDFS-6165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13951601#comment-13951601
 ]


Chris Nauroth commented on HDFS-6165:
-------------------------------------

It may be informative to refer to POSIX as a standard and GNU coreutils as a 
sample implementation.  Here is the documentation on rm:

http://pubs.opengroup.org/onlinepubs/9699919799/utilities/rm.html

bq. If the current file is a directory, rm shall perform actions equivalent to 
the rmdir() ...

Here is rmdir:

http://pubs.opengroup.org/onlinepubs/9699919799/functions/rmdir.html

{quote}
The rmdir() function shall fail if:

[EACCES]
Search permission is denied on a component of the path prefix, or write 
permission is denied on the parent directory of the directory to be removed.
{quote}

I see no mention of any permission requirements directly on the directory to be 
removed.  Looking at the GNU coreutils implementation, it appears that the 
"remove write-protected" prompt some of you reported seeing is not part of core 
file system permission enforcement.  Instead, it's just a nicety of the shell 
utility.

http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=blob;f=src/remove.c;h=b98f3ecb286bd79c203abca709dcfec63c55db8f;hb=HEAD#l284

I'd appreciate someone else double-checking this too.  As Daryn said, it's a 
sensitive area.

> "hdfs dfs -rm -r" is slightly different from the Unix "rm -r" for deleting an 
> empty directory
> ---------------------------------------------------------------------------------------------
>
>                 Key: HDFS-6165
>                 URL: https://issues.apache.org/jira/browse/HDFS-6165
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: hdfs-client
>    Affects Versions: 2.3.0
>            Reporter: Yongjun Zhang
>            Assignee: Yongjun Zhang
>            Priority: Minor
>         Attachments: HDFS-6165.001.patch
>
>
> Given a directory owned by user A with permissions 0700 containing an empty 
> directory owned by user B, it is not possible to delete user B's directory. 
> This is incorrect. Write permission on the containing directory should be all 
> that is needed to delete the child directory. Here's a reproduction:
> {code}
> [root@vm01 ~]# hdfs dfs -ls /user/
> Found 4 items
> drwxr-xr-x   - userabc users               0 2013-05-03 01:55 /user/userabc
> drwxr-xr-x   - hdfs    supergroup          0 2013-05-03 00:28 /user/hdfs
> drwxrwxrwx   - mapred  hadoop              0 2013-05-03 00:13 /user/history
> drwxr-xr-x   - hdfs    supergroup          0 2013-04-14 16:46 /user/hive
> [root@vm01 ~]# hdfs dfs -ls /user/userabc
> Found 8 items
> drwx------   - userabc users          0 2013-05-02 17:00 /user/userabc/.Trash
> drwxr-xr-x   - userabc users          0 2013-05-03 01:34 /user/userabc/.cm
> drwx------   - userabc users          0 2013-05-03 01:06 
> /user/userabc/.staging
> drwxr-xr-x   - userabc users          0 2013-04-14 18:31 /user/userabc/apps
> drwxr-xr-x   - userabc users          0 2013-04-30 18:05 /user/userabc/ds
> drwxr-xr-x   - hdfs    users          0 2013-05-03 01:54 /user/userabc/foo
> drwxr-xr-x   - userabc users          0 2013-04-30 16:18 
> /user/userabc/maven_source
> drwxr-xr-x   - hdfs    users          0 2013-05-03 01:40 
> /user/userabc/test-restore
> [root@vm01 ~]# hdfs dfs -ls /user/userabc/foo/
> [root@vm01 ~]# sudo -u userabc hdfs dfs -rm -r -skipTrash /user/userabc/foo
> rm: Permission denied: user=userabc, access=ALL, 
> inode="/user/userabc/foo":hdfs:users:drwxr-xr-x
> {code}
> The super user can delete the directory.
> {code}
> [root@vm01 ~]# sudo -u hdfs hdfs dfs -rm -r -skipTrash /user/userabc/foo
> Deleted /user/userabc/foo
> {code}
> The same is not true for files, however. They have the correct behavior.
> {code}
> [root@vm01 ~]# sudo -u hdfs hdfs dfs -touchz /user/userabc/foo-file
> [root@vm01 ~]# hdfs dfs -ls /user/userabc/
> Found 8 items
> drwx------   - userabc users          0 2013-05-02 17:00 /user/userabc/.Trash
> drwxr-xr-x   - userabc users          0 2013-05-03 01:34 /user/userabc/.cm
> drwx------   - userabc users          0 2013-05-03 01:06 
> /user/userabc/.staging
> drwxr-xr-x   - userabc users          0 2013-04-14 18:31 /user/userabc/apps
> drwxr-xr-x   - userabc users          0 2013-04-30 18:05 /user/userabc/ds
> -rw-r--r--   1 hdfs    users          0 2013-05-03 02:11 
> /user/userabc/foo-file
> drwxr-xr-x   - userabc users          0 2013-04-30 16:18 
> /user/userabc/maven_source
> drwxr-xr-x   - hdfs    users          0 2013-05-03 01:40 
> /user/userabc/test-restore
> [root@vm01 ~]# sudo -u userabc hdfs dfs -rm -skipTrash /user/userabc/foo-file
> Deleted /user/userabc/foo-file
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Commented] (HDFS-6165) "hdfs dfs -rm -r" is slightly different from the Unix "rm -r" for deleting an empty directory

Reply via email to