[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-29 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
attach my reproduce steps to let others know we need to prevent it.

reproduce steps
 1. login as one user, in our case, super user.
 2. hadoop fs -mkdir /private
 3. hadoop fs -chmod 700 /private
 4. echo "data" | hadoop fs -put - /private/file_name_sensitive.txt
 5. hadoop fs -chmod 700 /private/file_name_sensitive.txt
    (the name of files in /private can be a company name, bank name,
    customer's name, or other sensitive information, so we need to chmod
    /private and files in it to 700)
 6. login as non-admin user, named as user1
 7. hdfs fsck -blockId $blockID
    ($blockID belongs to file_name_sensitive.txt; user1 can infer the
    blockID based on his/her own block id. We can also find a suitable one
    by brute force search.)
 8. check the output
      Block Id: blk_1073741825
      Block belongs to: /private/file_name_sensitive.txt
      No. of Expected Replica: 3
      No. of live Replica: 2
      No. of excess Replica: 0
      No. of stale Replica: 0
      No. of decommissioned Replica: 0
      No. of decommissioning Replica: 0
      No. of corrupted Replica: 0
      Block replica on datanode/rack: hadoop13/default-rack is HEALTHY
      Block replica on datanode/rack: hadoop12/default-rack is HEALTHY
 9. we can see that user1 can see the file name in /private. But in the
    correct case, for example when user1 does "ls /private", the output is
      Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--

  was:
It has been fixed as part of https://issues.apache.org/jira/browse/HDFS-15717.

reattach my reproduce steps to let others know we need to prevent it.

reproduce steps
 1. login as one user, in our case, super user.
 2. hadoop fs -mkdir /private
 3. hadoop fs -chmod 700 /private
 4. echo "data" | hadoop fs -put - /private/file_name_sensitive.txt
 5. hadoop fs -chmod 700 /private/file_name_sensitive.txt
    (the name of files in /private can be a company name, bank name,
    customer's name, or other sensitive information, so we need to chmod
    /private and files in it to 700)
 6. login as non-admin user, named as user1
 7. hdfs fsck -blockId $blockID
    ($blockID belongs to file_name_sensitive.txt; user1 can infer the
    blockID based on his/her own block id. We can also find a suitable one
    by brute force search.)
 8. check the output
      Block Id: blk_1073741825
      Block belongs to: /private/file_name_sensitive.txt
      No. of Expected Replica: 3
      No. of live Replica: 2
      No. of excess Replica: 0
      No. of stale Replica: 0
      No. of decommissioned Replica: 0
      No. of decommissioning Replica: 0
      No. of corrupted Replica: 0
      Block replica on datanode/rack: hadoop13/default-rack is HEALTHY
      Block replica on datanode/rack: hadoop12/default-rack is HEALTHY
 9. we can see that user1 can see the file name in /private. But in the
    correct case, for example when user1 does "ls /private", the output is
      Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
>

[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-29 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
It has been fixed as part of https://issues.apache.org/jira/browse/HDFS-15717.

reattach my reproduce steps to let others know we need to prevent it.

reproduce steps
 1. login as one user, in our case, super user.
 2. hadoop fs -mkdir /private
 3. hadoop fs -chmod 700 /private
 4. echo "data" | hadoop fs -put - /private/file_name_sensitive.txt
 5. hadoop fs -chmod 700 /private/file_name_sensitive.txt
    (the name of files in /private can be a company name, bank name,
    customer's name, or other sensitive information, so we need to chmod
    /private and files in it to 700)
 6. login as non-admin user, named as user1
 7. hdfs fsck -blockId $blockID
    ($blockID belongs to file_name_sensitive.txt; user1 can infer the
    blockID based on his/her own block id. We can also find a suitable one
    by brute force search.)
 8. check the output
      Block Id: blk_1073741825
      Block belongs to: /private/file_name_sensitive.txt
      No. of Expected Replica: 3
      No. of live Replica: 2
      No. of excess Replica: 0
      No. of stale Replica: 0
      No. of decommissioned Replica: 0
      No. of decommissioning Replica: 0
      No. of corrupted Replica: 0
      Block replica on datanode/rack: hadoop13/default-rack is HEALTHY
      Block replica on datanode/rack: hadoop12/default-rack is HEALTHY
 9. we can see that user1 can see the file name in /private. But in the
    correct case, for example when user1 does "ls /private", the output is
      Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--

  was:
It has been fixed as part of https://issues.apache.org/jira/browse/HDFS-15717.

reattach my reproduce steps.

reproduce steps
 1. login as one user, in our case, super user.
 2. hadoop fs -mkdir /private
 3. hadoop fs -chmod 700 /private
 4. echo "data" | hadoop fs -put - /private/file_name_sensitive.txt
 5. hadoop fs -chmod 700 /private/file_name_sensitive.txt
    (the name of files in /private can be a company name, bank name,
    customer's name, or other sensitive information, so we need to chmod
    /private and files in it to 700)
 6. login as non-admin user, named as user1
 7. hdfs fsck -blockId $blockID
    ($blockID belongs to file_name_sensitive.txt; user1 can infer the
    blockID based on his/her own block id. We can also find a suitable one
    by brute force search.)
 8. check the output
      Block Id: blk_1073741825
      Block belongs to: /private/file_name_sensitive.txt
      No. of Expected Replica: 3
      No. of live Replica: 2
      No. of excess Replica: 0
      No. of stale Replica: 0
      No. of decommissioned Replica: 0
      No. of decommissioning Replica: 0
      No. of corrupted Replica: 0
      Block replica on datanode/rack: hadoop13/default-rack is HEALTHY
      Block replica on datanode/rack: hadoop12/default-rack is HEALTHY
 9. we can see that user1 can see the file name in /private. But in the
    correct case, for example when user1 does "ls /private", the output is
      Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
>

[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-29 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
It has been fixed as part of https://issues.apache.org/jira/browse/HDFS-15717.

reattach my reproduce steps.

reproduce steps
 1. login as one user, in our case, super user.
 2. hadoop fs -mkdir /private
 3. hadoop fs -chmod 700 /private
 4. echo "data" | hadoop fs -put - /private/file_name_sensitive.txt
 5. hadoop fs -chmod 700 /private/file_name_sensitive.txt
    (the name of files in /private can be a company name, bank name,
    customer's name, or other sensitive information, so we need to chmod
    /private and files in it to 700)
 6. login as non-admin user, named as user1
 7. hdfs fsck -blockId $blockID
    ($blockID belongs to file_name_sensitive.txt; user1 can infer the
    blockID based on his/her own block id. We can also find a suitable one
    by brute force search.)
 8. check the output
      Block Id: blk_1073741825
      Block belongs to: /private/file_name_sensitive.txt
      No. of Expected Replica: 3
      No. of live Replica: 2
      No. of excess Replica: 0
      No. of stale Replica: 0
      No. of decommissioned Replica: 0
      No. of decommissioning Replica: 0
      No. of corrupted Replica: 0
      Block replica on datanode/rack: hadoop13/default-rack is HEALTHY
      Block replica on datanode/rack: hadoop12/default-rack is HEALTHY
 9. we can see that user1 can see the file name in /private. But in the
    correct case, for example when user1 does "ls /private", the output is
      Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--

  was:
It has been fixed as part of https://issues.apache.org/jira/browse/HDFS-15717.

reattach my reproduce steps.

reproduce steps
 1. login as one user, in our case, super user.
 2. hadoop fs -mkdir /private
 3. hadoop fs -chmod 700 /private
 4. echo "data" | hadoop fs -put - /private/file_name_sensitive.txt
 5. hadoop fs -chmod 700 /private/file_name_sensitive.txt
    (the name of files in /private can be a company name, bank name,
    customer's name, or other sensitive information, so we need to chmod
    /private and files in it to 700)
 6. login as non-admin user, named as user1
 7. hdfs fsck -blockId $blockID
    ($blockID belongs to file_name_sensitive.txt; user1 can infer the
    blockID based on his/her own block id. We can also find a suitable one
    by brute force search.)
 8. check the output
      Block Id: blk_1073741825
      Block belongs to: /private/file_name_sensitive.txt
      No. of Expected Replica: 3
      No. of live Replica: 2
      No. of excess Replica: 0
      No. of stale Replica: 0
      No. of decommissioned Replica: 0
      No. of decommissioning Replica: 0
      No. of corrupted Replica: 0
      Block replica on datanode/rack: hadoop13/default-rack is HEALTHY
      Block replica on datanode/rack: hadoop12/default-rack is HEALTHY
 9. we can see that user1 can see the file name in /private. But in the
    correct case, for example when user1 does "ls /private", the output is
      Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
>

[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-29 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
It has been fixed as part of https://issues.apache.org/jira/browse/HDFS-15717.

reattach my reproduce steps.

reproduce steps
 1. login as one user, in our case, super user.
 2. hadoop fs -mkdir /private
 3. hadoop fs -chmod 700 /private
 4. echo "data" | hadoop fs -put - /private/file_name_sensitive.txt
 5. hadoop fs -chmod 700 /private/file_name_sensitive.txt
    (the name of files in /private can be a company name, bank name,
    customer's name, or other sensitive information, so we need to chmod
    /private and files in it to 700)
 6. login as non-admin user, named as user1
 7. hdfs fsck -blockId $blockID
    ($blockID belongs to file_name_sensitive.txt; user1 can infer the
    blockID based on his/her own block id. We can also find a suitable one
    by brute force search.)
 8. check the output
      Block Id: blk_1073741825
      Block belongs to: /private/file_name_sensitive.txt
      No. of Expected Replica: 3
      No. of live Replica: 2
      No. of excess Replica: 0
      No. of stale Replica: 0
      No. of decommissioned Replica: 0
      No. of decommissioning Replica: 0
      No. of corrupted Replica: 0
      Block replica on datanode/rack: hadoop13/default-rack is HEALTHY
      Block replica on datanode/rack: hadoop12/default-rack is HEALTHY
 9. we can see that user1 can see the file name in /private. But in the
    correct case, for example when user1 does "ls /private", the output is
      Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--

  was:
It has been fixed as part of https://issues.apache.org/jira/browse/HDFS-15717.

For record, i re


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
>



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
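
A regression check for the behaviour in the reproduce steps above, as an added example that is not part of the Jira thread or of Hadoop's code. It classifies captured `hdfs fsck -blockId` output as a path disclosure or a denial; the function names, the verdict strings and the two sample outputs are constructed for illustration, and `check_block` assumes it is run as the non-admin test user with a block id and directory supplied by the operator.

```bash
#!/usr/bin/env bash
# Added example (not from the Jira issue or the Hadoop code base).
# Decides whether `hdfs fsck -blockId` output, captured as a non-owner,
# disclosed a file path that the caller is not allowed to list.

# Print the path that follows "Block belongs to:", whether it is on the same
# line (terminal output) or wrapped onto the next line (as in the mail archive).
extract_fsck_path() {
  awk '
    /Block belongs to:/ {
      sub(/.*Block belongs to:[ \t]*/, "")
      sub(/[ \t]+$/, "")
      if ($0 != "") { print; exit }
      want = 1
      next
    }
    want && NF {
      gsub(/^[ \t]+|[ \t]+$/, "")
      print
      exit
    }
  '
}

# fsck_verdict OUTPUT CAN_LIST
#   OUTPUT    captured stdout+stderr of `hdfs fsck -blockId <id>`
#   CAN_LIST  "yes" if the same user may list the file's directory, else "no"
# Prints one of: "LEAK <path>", "OK <path>", "DENIED", "UNKNOWN".
fsck_verdict() (
  path=$(printf '%s\n' "$1" | extract_fsck_path)
  if [ -n "$path" ]; then
    # A path came back: that is only acceptable if the caller could have
    # listed the directory through the normal permission check anyway.
    if [ "$2" = yes ]; then echo "OK $path"; else echo "LEAK $path"; fi
  elif printf '%s\n' "$1" | grep -q 'Permission denied: user='; then
    echo "DENIED"
  else
    echo "UNKNOWN"
  fi
)

# Live check against a test cluster. Run it as the non-admin user (user1 in
# the steps above) with the block id of a test file that an admin created in
# a 700 directory. Both arguments come from the operator.
check_block() (
  out=$(hdfs fsck -blockId "$1" 2>&1) || true
  can_list=no
  hadoop fs -ls "$2" >/dev/null 2>&1 && can_list=yes
  fsck_verdict "$out" "$can_list"
)

# Constructed samples, modelled on the output quoted in the issue.
LEAKY_SAMPLE='Block Id: blk_1073741825
Block belongs to:
/private/file_name_sensitive.txt
No. of Expected Replica: 3
No. of live Replica: 2
Block replica on datanode/rack: hadoop13/default-rack is HEALTHY'

DENIED_SAMPLE='FSCK started by user1 (auth:KERBEROS_SSL) from /172.18.1.128
Permission denied: user=user1, access=READ, inode="/hello_world.txt":hdfs:hdfs:-rwx------'

fsck_verdict "$LEAKY_SAMPLE" no     # behaviour described in the report
fsck_verdict "$DENIED_SAMPLE" no    # behaviour after the fix

# With a cluster available: ./fsck_check.sh <block id> <directory>
if [ "$#" -eq 2 ] && command -v hdfs >/dev/null 2>&1; then
  check_block "$1" "$2"
fi
```

A `LEAK` verdict from `check_block` on a test cluster means the NameNode answered the block lookup without applying the permission check that `ls` on the same directory enforces.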



[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-29 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
It has been fixed as part of https://issues.apache.org/jira/browse/HDFS-15717.

For record, i re

  was:keep it private now.


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
>
> It has been fixed as part of https://issues.apache.org/jira/browse/HDFS-15717.
> For record, i re






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-28 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Attachment: (was: HDFS-15752_2.patch)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
>
> keep it private now.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-28 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Attachment: HDFS-15752_2.patch

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
> Attachments: HDFS-15752_2.patch
>
>
> keep it private now.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Status: Open  (was: Patch Available)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
>
> keep it private now.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: keep it private now.  (was: There may be a security hole in 
fsck, now I keep it private. )

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
>
> keep it private now.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Priority: Blocker  (was: Critical)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Blocker
>  Labels: fsck
>
> There may be a security hole in fsck, now I keep it private.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: There may be a security hole in fsck, now I keep it private.   
(was: keep it private now.)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Assignee: lujie
>Priority: Critical
>  Labels: fsck
>
> There may be a security hole in fsck, now I keep it private.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Priority: Critical  (was: Major)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Assignee: lujie
>Priority: Critical
>  Labels: fsck
>
> keep it private now.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Attachment: (was: image-2020-12-25-13-03-24-641.png)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Assignee: lujie
>Priority: Major
>  Labels: fsck
>
> keep it private now.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Attachment: (was: HDFS-15752_1.patch)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Assignee: lujie
>Priority: Major
>  Labels: fsck
>
> keep it private now.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: keep it private now.  (was: Kerberos is enabled and easy to 
reproduce:
 1. put a file (named as '/hbase/hbase.id') into hdfs as user 'hbase'
 2. hadoop dfs -chmod 700 /hbase/hbase.id
 3. execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belongs 
to '/hbase/hbase.id'.
 4. then we can see the block info:

!image-2020-12-25-13-03-24-641.png!)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Assignee: lujie
>Priority: Major
>  Labels: fsck
>
> keep it private now.






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Attachment: HDFS-15752_1.patch
  Assignee: lujie
Status: Patch Available  (was: Open)

After fixing, the client output can be like:
{code:java}
FSCK started by user1 (auth:KERBEROS_SSL) from /172.18.1.128 at Fri Dec 25 
08:37:19 UTC 2020Permission denied: user=user1, access=READ, 
inode="/hello_world.txt":hdfs:hdfs:-rwx--
{code}

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Assignee: lujie
>Priority: Major
>  Labels: fsck
> Attachments: HDFS-15752_1.patch, image-2020-12-25-13-03-24-641.png
>
>
> Kerberos is enabled and easy to reproduce:
>  1. put a file (named as '/hbase/hbase.id') into hdfs as user 'hbase'
>  2. hadoop dfs -chmod 700 /hbase/hbase.id
>  3. execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 
> belongs to '/hbase/hbase.id'.
>  4. then we can see the block info:
> !image-2020-12-25-13-03-24-641.png!






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-25 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
Kerberos is enabled and easy to reproduce:
 1. put a file (named as '/hbase/hbase.id') into hdfs as user 'hbase'
 2. hadoop dfs -chmod 700 /hbase/hbase.id
 3. execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belongs 
to '/hbase/hbase.id'.
 4. then we can see the block info:

!image-2020-12-25-13-03-24-641.png!

  was:
Kerberos is enabled and easy to reproduce:
 1. put a file (named as 'file1') into hdfs as user 'hbase'
 2. execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belongs 
to 'file1'.
 3. then we can see the block info:

!image-2020-12-25-13-03-24-641.png!


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-13-03-24-641.png
>
>
> Kerberos is enabled and easy to reproduce:
>  1. put a file (named as '/hbase/hbase.id') into hdfs as user 'hbase'
>  2. hadoop dfs -chmod 700 /hbase/hbase.id
>  3. execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 
> belongs to '/hbase/hbase.id'.
>  4. then we can see the block info:
> !image-2020-12-25-13-03-24-641.png!






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Attachment: image-2020-12-25-13-03-24-641.png

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-13-03-24-641.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'hbase'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 
> belongs to 'file1'.
>  # then we can see the block info:
> !image-2020-12-25-13-03-24-641.png!






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Attachment: (was: image-2020-12-25-13-02-49-955.png)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-13-03-24-641.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'hbase'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 
> belongs to 'file1'.
>  # then we can see the block info:
> !image-2020-12-25-13-02-49-955.png!






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
Kerberos is enabled and easy to reproduce:
 # put a file (named 'file1') into hdfs as user 'hbase'
 # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 belongs to 'file1'.
 # then we can see the block info:

!image-2020-12-25-13-03-24-641.png!

  was:
Kerberos is enabled and easy to reproduce:
 # put a file (named 'file1') into hdfs as user 'hbase'
 # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 belongs to 'file1'.
 # then we can see the block info:

!image-2020-12-25-13-02-49-955.png!


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-13-03-24-641.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'hbase'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 
> belongs to 'file1'.
>  # then we can see the block info:
> !image-2020-12-25-13-03-24-641.png!






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
Kerberos is enabled and easy to reproduce:
 # put a file (named 'file1') into hdfs as user 'hbase'
 # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 belongs to 'file1'.
 # then we can see the block info:

!image-2020-12-25-13-02-49-955.png!

  was:
Kerberos is enabled and easy to reproduce:
 # put a file (named 'file1') into hdfs as user 'hbase'
 # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 belongs to 'file1'.
 # then we can see the block info:
 #


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-13-02-49-955.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'hbase'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 
> belongs to 'file1'.
>  # then we can see the block info:
> !image-2020-12-25-13-02-49-955.png!






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
Kerberos is enabled and easy to reproduce:
 # put a file (named 'file1') into hdfs as user 'hbase'
 # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 belongs to 'file1'.
 # then we can see the block info:
 #

  was:
Kerberos is enabled and easy to reproduce:
 # put a file (named 'file1') into hdfs as user 'user1'
 # execute 'hdfs fsck -blockId blk_1073741826' as user2; blk_1073741826 belongs to 'file1'.
 # then we can see the block info:

!image-2020-12-25-12-59-39-137.png!


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-13-02-49-955.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'hbase'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 
> belongs to 'file1'.
>  # then we can see the block info:
>  #






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Attachment: (was: image-2020-12-25-12-59-39-137.png)

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-13-02-49-955.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'hbase'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 
> belongs to 'file1'.
>  # then we can see the block info:
>  #






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Attachment: image-2020-12-25-13-02-49-955.png

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-13-02-49-955.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'hbase'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user1; blk_1073741826 
> belongs to 'file1'.
>  # then we can see the block info:
> !image-2020-12-25-13-02-49-955.png!






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Description: 
Kerberos is enabled and easy to reproduce:
 # put a file (named 'file1') into hdfs as user 'user1'
 # execute 'hdfs fsck -blockId blk_1073741826' as user2; blk_1073741826 belongs to 'file1'.
 # then we can see the block info:

!image-2020-12-25-12-59-39-137.png!

  was:
Kerberos is enabled and easy to reproduce:
 # put a file (named 'file1') into hdfs as user 'user1'
 # execute 'hdfs fsck -blockId blk_1073741826' as user2, blk_1073741826
 # belongs to files.
 # then we can see the block info:

!image-2020-12-25-12-59-39-137.png!


> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-12-59-39-137.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'user1'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user2; blk_1073741826 
> belongs to 'file1'.
>  # then we can see the block info:
> !image-2020-12-25-12-59-39-137.png!






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Labels: fsck  (was: )

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
>  Labels: fsck
> Attachments: image-2020-12-25-12-59-39-137.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'user1'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user2, blk_1073741826
>  # belongs to files.
>  # then we can see the block info:
> !image-2020-12-25-12-59-39-137.png!






[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users

2020-12-24 Thread lujie (Jira)


 [ 
https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lujie updated HDFS-15752:
-
Component/s: security

> A user can obtain the infomation of blocks belong to other users
> 
>
> Key: HDFS-15752
> URL: https://issues.apache.org/jira/browse/HDFS-15752
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: security
>Reporter: lujie
>Priority: Major
> Attachments: image-2020-12-25-12-59-39-137.png
>
>
> Kerberos is enabled and easy to reproduce:
>  # put a file (named 'file1') into hdfs as user 'user1'
>  # execute 'hdfs fsck -blockId blk_1073741826' as user2, blk_1073741826
>  # belongs to files.
>  # then we can see the block info:
> !image-2020-12-25-12-59-39-137.png!


