[
https://issues.apache.org/jira/browse/HADOOP-14820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16150349#comment-16150349
]
Sivaguru Sankaridurg commented on HADOOP-14820:
-----------------------------------------------
patch 006 :- {{testMkdirsWithExistingHierarchyCheckPositive2}} does not seem
right. childPath3 has already been created.
Later when childPath3 is created again, it won't go up two levels .. it will be
a no-op.
The modifications to the test, to do what you intended is below:
{code:java}
@Test
public void testMkdirsWithExistingHierarchyCheckPositive2() throws Throwable {
Path testPath = new Path("/testMkdirsWithExistingHierarchyCheckPositive2");
Path childPath1 = new Path(testPath, "1");
Path childPath2 = new Path(childPath1, "2");
Path childPath3 = new Path(childPath2, "3");
authorizer.addAuthRule("/",
WasbAuthorizationOperations.WRITE.toString(), true);
authorizer.addAuthRule(childPath1.toString(),
WasbAuthorizationOperations.WRITE.toString(), true);
fs.updateWasbAuthorizer(authorizer);
try {
fs.mkdirs(childPath1);
ContractTestUtils.assertIsDirectory(fs, childPath1);
// Path already exists => no-op.
fs.mkdirs(testPath);
ContractTestUtils.assertIsDirectory(fs, testPath);
// Path already exists => no-op.
fs.mkdirs(childPath1);
ContractTestUtils.assertIsDirectory(fs, childPath1);
// Check permissions against existing ancestor childPath1
fs.mkdirs(childPath3);
ContractTestUtils.assertIsDirectory(fs, childPath3);
}
finally {
allowRecursiveDelete(fs, testPath.toString());
fs.delete(testPath, true);
}
}
{code}
> Wasb mkdirs security checks inconsistent with HDFS
> --------------------------------------------------
>
> Key: HADOOP-14820
> URL: https://issues.apache.org/jira/browse/HADOOP-14820
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs/azure
> Affects Versions: 2.8.1
> Reporter: Sivaguru Sankaridurg
> Assignee: Sivaguru Sankaridurg
> Labels: azure, fs, secure, wasb
> Attachments: HADOOP-14820.001.patch, HADOOP-14820.002.patch,
> HADOOP-14820.003.patch, HADOOP-14820.004.patch, HADOOP-14820.005.patch,
> HADOOP-14820-006.patch
>
>
> No authorization checks should be made when a user tries to create (mkdirs
> -p) an existing folder hierarchy.
> For example, if we start with _/home/hdiuser/prefix_ pre-created, and do the
> following operations, the results should be as shown below.
> {noformat}
> hdiuser@hn0-0d2f67:~$ sudo chown root:root prefix
> hdiuser@hn0-0d2f67:~$ sudo chmod 555 prefix
> hdiuser@hn0-0d2f67:~$ ls -l
> dr-xr-xr-x 3 root root 4096 Aug 29 08:25 prefix
> hdiuser@hn0-0d2f67:~$ mkdir -p /home
> hdiuser@hn0-0d2f67:~$ mkdir -p /home/hdiuser
> hdiuser@hn0-0d2f67:~$ mkdir -p /home/hdiuser/prefix
> hdiuser@hn0-0d2f67:~$ mkdir -p /home/hdiuser/prefix/1
> mkdir: cannot create directory â/home/hdiuser/prefix/1â: Permission denied
> The first three mkdirs succeed, because the ancestor is already present. The
> fourth one fails because of a permission check against the (shorter) ancestor
> (as compared to the path being created).
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
