[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: attach my reproduce step to let others know we need prevent it. {quote}reproduce step # login as one user, in our case, super user . # hadoop fs -mkdir /private # hadoop fs -chmod 700 /private # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the name of files in /private can be company name, bank name, customer's name,or other sensitive infomration, so we need chmod /private and files in it to 700) # login as non-admin user, named as user1 # hdfs fsck -blockId $blockID # $blockID belong to file_name_sensitive.txt, user1 can infer the blockID based on his/her own block id. We can also find a suitable one by brute force search. # check the output Block Id: blk_1073741825 Block belongs to: {color:#ff}/private/file_name_sensitive.txt{color} No. of Expected Replica: 3 No. of live Replica: 2 No. of excess Replica: 0 No. of stale Replica: 0 No. of decommissioned Replica: 0 No. of decommissioning Replica: 0 No. of corrupted Replica: 0 Block replica on datanode/rack: hadoop13/default-rack is HEALTHY Block replica on datanode/rack: hadoop12/default-rack is HEALTHY 9. we can see that user1 can see the file name in /private. But in correct case, for example, user1 do "ls /private", the outpur is Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--{quote} was: It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. reattach my reproduce step to let others know we need prevent it. {quote}reproduce step # login as one user, in our case, super user . # hadoop fs -mkdir /private # hadoop fs -chmod 700 /private # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the name of files in /private can be company name, bank name, customer's name,or other sensitive infomration, so we need chmod /private and files in it to 700) # login as non-admin user, named as user1 # hdfs fsck -blockId $blockID # $blockID belong to file_name_sensitive.txt, user1 can infer the blockID based on his/her own block id. We can also find a suitable one by brute force search. # check the output Block Id: blk_1073741825 Block belongs to: {color:#ff}/private/file_name_sensitive.txt{color} No. of Expected Replica: 3 No. of live Replica: 2 No. of excess Replica: 0 No. of stale Replica: 0 No. of decommissioned Replica: 0 No. of decommissioning Replica: 0 No. of corrupted Replica: 0 Block replica on datanode/rack: hadoop13/default-rack is HEALTHY Block replica on datanode/rack: hadoop12/default-rack is HEALTHY 9. we can see that user1 can see the file name in /private. But in correct case, for example, user1 do "ls /private", the outpur is Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--{quote} > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > > attach my reproduce step to let others know we need prevent it. > {quote}reproduce step > # login as one user, in our case, super user . > # hadoop fs -mkdir /private > # hadoop fs -chmod 700 /private > # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt > # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the > name of files in /private can be company name, bank name, customer's name,or > other sensitive infomration, so we need chmod /private and files in it to > 700) > # login as non-admin user, named as user1 > # hdfs fsck -blockId $blockID # $blockID belong to > file_name_sensitive.txt, user1 can infer the blockID based on his/her own > block id. We can also find a suitable one by brute force search. > # check the output > Block Id: blk_1073741825 > Block belongs to: > {color:#ff}/private/file_name_sensitive.txt{color} > No. of Expected Replica: 3 > No. of live Replica: 2 > No. of exces
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. reattach my reproduce step to let others know we need prevent it. {quote}reproduce step # login as one user, in our case, super user . # hadoop fs -mkdir /private # hadoop fs -chmod 700 /private # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the name of files in /private can be company name, bank name, customer's name,or other sensitive infomration, so we need chmod /private and files in it to 700) # login as non-admin user, named as user1 # hdfs fsck -blockId $blockID # $blockID belong to file_name_sensitive.txt, user1 can infer the blockID based on his/her own block id. We can also find a suitable one by brute force search. # check the output Block Id: blk_1073741825 Block belongs to: {color:#ff}/private/file_name_sensitive.txt{color} No. of Expected Replica: 3 No. of live Replica: 2 No. of excess Replica: 0 No. of stale Replica: 0 No. of decommissioned Replica: 0 No. of decommissioning Replica: 0 No. of corrupted Replica: 0 Block replica on datanode/rack: hadoop13/default-rack is HEALTHY Block replica on datanode/rack: hadoop12/default-rack is HEALTHY 9. we can see that user1 can see the file name in /private. But in correct case, for example, user1 do "ls /private", the outpur is Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--{quote} was: It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. reattach my reproduce step. {quote}reproduce step # login as one user, in our case, super user . # hadoop fs -mkdir /private # hadoop fs -chmod 700 /private # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the name of files in /private can be company name, bank name, customer's name,or other sensitive infomration, so we need chmod /private and files in it to 700) # login as non-admin user, named as user1 # hdfs fsck -blockId $blockID # $blockID belong to file_name_sensitive.txt, user1 can infer the blockID based on his/her own block id. We can also find a suitable one by brute force search. # check the output Block Id: blk_1073741825 Block belongs to: {color:#ff}/private/file_name_sensitive.txt{color} No. of Expected Replica: 3 No. of live Replica: 2 No. of excess Replica: 0 No. of stale Replica: 0 No. of decommissioned Replica: 0 No. of decommissioning Replica: 0 No. of corrupted Replica: 0 Block replica on datanode/rack: hadoop13/default-rack is HEALTHY Block replica on datanode/rack: hadoop12/default-rack is HEALTHY 9. we can see that user1 can see the file name in /private. But in correct case, for example, user1 do "ls /private", the outpur is Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--{quote} > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > > It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. > reattach my reproduce step to let others know we need prevent it. > {quote}reproduce step > # login as one user, in our case, super user . > # hadoop fs -mkdir /private > # hadoop fs -chmod 700 /private > # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt > # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the > name of files in /private can be company name, bank name, customer's name,or > other sensitive infomration, so we need chmod /private and files in it to > 700) > # login as non-admin user, named as user1 > # hdfs fsck -blockId $blockID # $blockID belong to > file_name_sensitive.txt, user1 can infer the blockID based on his/her own > block id. We can also find a suitable one by brute force search. > # check the output > Block Id: blk_1073741825 > Block belongs to: > {color:#ff}/private/file_name_sensitive.
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. reattach my reproduce step. {quote}reproduce step # login as one user, in our case, super user . # hadoop fs -mkdir /private # hadoop fs -chmod 700 /private # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the name of files in /private can be company name, bank name, customer's name,or other sensitive infomration, so we need chmod /private and files in it to 700) # login as non-admin user, named as user1 # hdfs fsck -blockId $blockID # $blockID belong to file_name_sensitive.txt, user1 can infer the blockID based on his/her own block id. We can also find a suitable one by brute force search. # check the output Block Id: blk_1073741825 Block belongs to: {color:#ff}/private/file_name_sensitive.txt{color} No. of Expected Replica: 3 No. of live Replica: 2 No. of excess Replica: 0 No. of stale Replica: 0 No. of decommissioned Replica: 0 No. of decommissioning Replica: 0 No. of corrupted Replica: 0 Block replica on datanode/rack: hadoop13/default-rack is HEALTHY Block replica on datanode/rack: hadoop12/default-rack is HEALTHY 9. we can see that user1 can see the file name in /private. But in correct case, for example, user1 do "ls /private", the outpur is Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--{quote} was: It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. reattach my reproduce step. {quote}reproduce step # login as one user, in our case, super user . # hadoop fs -mkdir /private # hadoop fs -chmod 700 /private # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the name of files in /private can be company name, bank name, customer's name,or other sensitive infomration, so we need chmod /private and files in it to 700) # login as non-admin user, named as user1 # hdfs fsck -blockId $blockID # $blockID belong to file_name_sensitive.txt, user1 can infer the blockID based on his/her own block id. We can also find a suitable one by brute force search. # check the output Block Id: blk_1073741825 Block belongs to: {color:#ff}/private/file_name_sensitive.txt{color} No. of Expected Replica: 3 No. of live Replica: 2 No. of excess Replica: 0 No. of stale Replica: 0 No. of decommissioned Replica: 0 No. of decommissioning Replica: 0 No. of corrupted Replica: 0 Block replica on datanode/rack: hadoop13/default-rack is HEALTHY Block replica on datanode/rack: hadoop12/default-rack is HEALTHY 9. we can see that user1 can see the file name in /private. But in correct case, for example, user1 do "ls /private", the outpur is Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--{quote} > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > > It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. > reattach my reproduce step. > {quote}reproduce step > # login as one user, in our case, super user . > # hadoop fs -mkdir /private > # hadoop fs -chmod 700 /private > # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt > # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the > name of files in /private can be company name, bank name, customer's name,or > other sensitive infomration, so we need chmod /private and files in it to > 700) > # login as non-admin user, named as user1 > # hdfs fsck -blockId $blockID # $blockID belong to > file_name_sensitive.txt, user1 can infer the blockID based on his/her own > block id. We can also find a suitable one by brute force search. > # check the output > Block Id: blk_1073741825 > Block belongs to: > {color:#ff}/private/file_name_sensitive.txt{color} > No. of Expected Replica: 3 > No. of live Replica
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. reattach my reproduce step. {quote}reproduce step # login as one user, in our case, super user . # hadoop fs -mkdir /private # hadoop fs -chmod 700 /private # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the name of files in /private can be company name, bank name, customer's name,or other sensitive infomration, so we need chmod /private and files in it to 700) # login as non-admin user, named as user1 # hdfs fsck -blockId $blockID # $blockID belong to file_name_sensitive.txt, user1 can infer the blockID based on his/her own block id. We can also find a suitable one by brute force search. # check the output Block Id: blk_1073741825 Block belongs to: {color:#ff}/private/file_name_sensitive.txt{color} No. of Expected Replica: 3 No. of live Replica: 2 No. of excess Replica: 0 No. of stale Replica: 0 No. of decommissioned Replica: 0 No. of decommissioning Replica: 0 No. of corrupted Replica: 0 Block replica on datanode/rack: hadoop13/default-rack is HEALTHY Block replica on datanode/rack: hadoop12/default-rack is HEALTHY 9. we can see that user1 can see the file name in /private. But in correct case, for example, user1 do "ls /private", the outpur is Permission denied: user=user1, access=READ_EXECUTE, inode="/private":hdfs:hdfs:drwx--{quote} was: It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. For record, i re > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > > It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. > reattach my reproduce step. > {quote}reproduce step > # login as one user, in our case, super user . > # hadoop fs -mkdir /private > # hadoop fs -chmod 700 /private > # echo "data" | hadoop fs -put - /private/file_name_sensitive.txt > # hadoop fs -chmod 700 /private/file_name_sensitive.txt #(the > name of files in /private can be company name, bank name, customer's name,or > other sensitive infomration, so we need chmod /private and files in it to > 700) > # login as non-admin user, named as user1 > # hdfs fsck -blockId $blockID # $blockID belong to > file_name_sensitive.txt, user1 can infer the blockID based on his/her own > block id. We can also find a suitable one by brute force search. > # check the output > Block Id: blk_1073741825 > Block belongs to: > {color:#ff}/private/file_name_sensitive.txt{color} > No. of Expected Replica: 3 > No. of live Replica: 2 > No. of excess Replica: 0 > No. of stale Replica: 0 > No. of decommissioned Replica: 0 > No. of decommissioning Replica: 0 > No. of corrupted Replica: 0 > Block replica on datanode/rack: hadoop13/default-rack is HEALTHY > Block replica on datanode/rack: hadoop12/default-rack is HEALTHY > 9. we can see that user1 can see the file name in /private. But in > correct case, for example, user1 do "ls /private", the outpur is > Permission denied: user=user1, access=READ_EXECUTE, > inode="/private":hdfs:hdfs:drwx--{quote} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. For record, i re was:keep it private now. > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > > It has been fix as part of https://issues.apache.org/jira/browse/HDFS-15717. > For record, i re -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Attachment: (was: HDFS-15752_2.patch) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > > keep it private now. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Attachment: HDFS-15752_2.patch > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > Attachments: HDFS-15752_2.patch > > > keep it private now. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Status: Open (was: Patch Available) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > > keep it private now. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: keep it private now. (was: There maybe a security hole in fsck, now i keep it private. ) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > > keep it private now. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Priority: Blocker (was: Critical) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Blocker > Labels: fsck > > There maybe a security hole in fsck, now i keep it private. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: There maybe a security hole in fsck, now i keep it private. (was: keep it private now.) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Assignee: lujie >Priority: Critical > Labels: fsck > > There maybe a security hole in fsck, now i keep it private. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Priority: Critical (was: Major) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Assignee: lujie >Priority: Critical > Labels: fsck > > keep it private now. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Attachment: (was: image-2020-12-25-13-03-24-641.png) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Assignee: lujie >Priority: Major > Labels: fsck > > keep it private now. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Attachment: (was: HDFS-15752_1.patch) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Assignee: lujie >Priority: Major > Labels: fsck > > keep it private now. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: keep it private now. (was: KKerberos is enable and easy to reproduce: # put a file(named as '/hbase/hbase.id') into hdfs as user 'hbase' # hadoop dfs -chmod 700 /hbase/hbase.id # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belong to '/hbase/hbase.id'. # then we can see the block info: !image-2020-12-25-13-03-24-641.png!) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Assignee: lujie >Priority: Major > Labels: fsck > > keep it private now. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Attachment: HDFS-15752_1.patch Assignee: lujie Status: Patch Available (was: Open) After fixing, the client output can be like: {code:java} FSCK started by user1 (auth:KERBEROS_SSL) from /172.18.1.128 at Fri Dec 25 08:37:19 UTC 2020Permission denied: user=user1, access=READ, inode="/hello_world.txt":hdfs:hdfs:-rwx-- {code} > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Assignee: lujie >Priority: Major > Labels: fsck > Attachments: HDFS-15752_1.patch, image-2020-12-25-13-03-24-641.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as '/hbase/hbase.id') into hdfs as user 'hbase' > # hadoop dfs -chmod 700 /hbase/hbase.id > # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 > belong to '/hbase/hbase.id'. > # then we can see the block info: > !image-2020-12-25-13-03-24-641.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: KKerberos is enable and easy to reproduce: # put a file(named as '/hbase/hbase.id') into hdfs as user 'hbase' # hadoop dfs -chmod 700 /hbase/hbase.id # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belong to '/hbase/hbase.id'. # then we can see the block info: !image-2020-12-25-13-03-24-641.png! was: KKerberos is enable and easy to reproduce: # put a file(named as 'file1') into hdfs as user 'hbase' # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belong to 'file1'. # then we can see the block info: !image-2020-12-25-13-03-24-641.png! > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-13-03-24-641.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as '/hbase/hbase.id') into hdfs as user 'hbase' > # hadoop dfs -chmod 700 /hbase/hbase.id > # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 > belong to '/hbase/hbase.id'. > # then we can see the block info: > !image-2020-12-25-13-03-24-641.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Attachment: image-2020-12-25-13-03-24-641.png > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-13-03-24-641.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'hbase' > # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 > belong to 'file1'. > # then we can see the block info: > !image-2020-12-25-13-03-24-641.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Attachment: (was: image-2020-12-25-13-02-49-955.png) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-13-03-24-641.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'hbase' > # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 > belong to 'file1'. > # then we can see the block info: > !image-2020-12-25-13-02-49-955.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: KKerberos is enable and easy to reproduce: # put a file(named as 'file1') into hdfs as user 'hbase' # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belong to 'file1'. # then we can see the block info: !image-2020-12-25-13-03-24-641.png! was: KKerberos is enable and easy to reproduce: # put a file(named as 'file1') into hdfs as user 'hbase' # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belong to 'file1'. # then we can see the block info: !image-2020-12-25-13-02-49-955.png! > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-13-03-24-641.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'hbase' > # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 > belong to 'file1'. > # then we can see the block info: > !image-2020-12-25-13-03-24-641.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: KKerberos is enable and easy to reproduce: # put a file(named as 'file1') into hdfs as user 'hbase' # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belong to 'file1'. # then we can see the block info: !image-2020-12-25-13-02-49-955.png! was: KKerberos is enable and easy to reproduce: # put a file(named as 'file1') into hdfs as user 'hbase' # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belong to 'file1'. # then we can see the block info: # > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-13-02-49-955.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'hbase' > # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 > belong to 'file1'. > # then we can see the block info: > !image-2020-12-25-13-02-49-955.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: KKerberos is enable and easy to reproduce: # put a file(named as 'file1') into hdfs as user 'hbase' # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 belong to 'file1'. # then we can see the block info: # was: KKerberos is enable and easy to reproduce: # put a file(named as 'file1') into hdfs as user 'user1' # execute 'hdfs fsck -blockId blk_1073741826' as user2, blk_1073741826 belong to 'file1'. # then we can see the block info: !image-2020-12-25-12-59-39-137.png! > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-13-02-49-955.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'hbase' > # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 > belong to 'file1'. > # then we can see the block info: > # -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Attachment: (was: image-2020-12-25-12-59-39-137.png) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-13-02-49-955.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'hbase' > # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 > belong to 'file1'. > # then we can see the block info: > # -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Attachment: image-2020-12-25-13-02-49-955.png > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-13-02-49-955.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'hbase' > # execute 'hdfs fsck -blockId blk_1073741826' as user1, blk_1073741826 > belong to 'file1'. > # then we can see the block info: > !image-2020-12-25-13-02-49-955.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Description: KKerberos is enable and easy to reproduce: # put a file(named as 'file1') into hdfs as user 'user1' # execute 'hdfs fsck -blockId blk_1073741826' as user2, blk_1073741826 belong to 'file1'. # then we can see the block info: !image-2020-12-25-12-59-39-137.png! was: KKerberos is enable and easy to reproduce: # put a file(named as 'file1') into hdfs as user 'user1' # execute 'hdfs fsck -blockId blk_1073741826' as user2, blk_1073741826 # belong to files. # then we can see the block info: !image-2020-12-25-12-59-39-137.png! > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-12-59-39-137.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'user1' > # execute 'hdfs fsck -blockId blk_1073741826' as user2, blk_1073741826 > belong to 'file1'. > # then we can see the block info: > !image-2020-12-25-12-59-39-137.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Labels: fsck (was: ) > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Labels: fsck > Attachments: image-2020-12-25-12-59-39-137.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'user1' > # execute 'hdfs fsck -blockId blk_1073741826' as user2, blk_1073741826 > # belong to files. > # then we can see the block info: > !image-2020-12-25-12-59-39-137.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-15752) A user can obtain the infomation of blocks belong to other users
[ https://issues.apache.org/jira/browse/HDFS-15752?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] lujie updated HDFS-15752: - Component/s: security > A user can obtain the infomation of blocks belong to other users > > > Key: HDFS-15752 > URL: https://issues.apache.org/jira/browse/HDFS-15752 > Project: Hadoop HDFS > Issue Type: Bug > Components: security >Reporter: lujie >Priority: Major > Attachments: image-2020-12-25-12-59-39-137.png > > > KKerberos is enable and easy to reproduce: > # put a file(named as 'file1') into hdfs as user 'user1' > # execute 'hdfs fsck -blockId blk_1073741826' as user2, blk_1073741826 > # belong to files. > # then we can see the block info: > !image-2020-12-25-12-59-39-137.png! -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org