Set directory protection

更新时间:
复制 MD 格式

The directory protection feature of the OSS-HDFS service (JindoFS service) enhances data security by preventing you from accidentally deleting or renaming directories. After directory protection is enabled, delete and rename operations on a directory are strictly restricted as long as it contains any subdirectories or files. You can delete or rename the protected directory only once it is empty.

Prerequisites

The OSS-HDFS service is enabled, and you have the required permissions to access it. For more information, see Enable the OSS-HDFS service.

Limitations

You can set directory protection using the OSS console or the JindoFS CLI. You can protect a maximum of 3,000 directory paths in total across both methods.

OSS console

To set directory protection using the OSS console, you must first submit a ticket to enable the feature.

  1. Set directory protection.

    1. Log on to the OSS console.

    2. In the navigation pane on the left, click Buckets, and then click the name of the desired bucket.

    3. In the navigation pane on the left, choose Data Lake > OSS-HDFS.

    4. On the OSS-HDFS tab, turn on Directory Protection, and then specify one or more directories to protect.

      The specified directory paths must be absolute paths that start with a forward slash (/). Separate multiple paths with line breaks.

      image

    5. Click Save.

      After you save the settings, the directory protection feature takes effect within 30 seconds.

  2. (Optional) To rename or delete a protected directory, you can disable its protection.

    1. Disable directory protection.

      Note

      You can disable protection for all directories at once or for specific directories individually.

      image

    2. Click Save.

JindoFS CLI

  1. Connect to an ECS instance. For more information, see Connect to an ECS instance.

  2. Download the JindoFS CLI.

  3. Configure the AccessKey pair and environment variables.

    1. Navigate to the bin directory of your JindoFS SDK installation.

      The following example uses jindofs-sdk-x.x.x-linux. If you are using a different version of the JindoFS SDK, replace the name accordingly.

      cd jindofs-sdk-x.x.x-linux/bin/
    2. In the bin directory, create a configuration file named jindofs.cfg. In the file, provide the AccessKey pair (AccessKey ID and AccessKey Secret) of your Alibaba Cloud account or a RAM user that has the required permissions.

      [client]
      fs.oss.accessKeyId = <key>              
      fs.oss.accessKeySecret = <secret>
    3. Set the environment variable.

      Note

      Set <JINDOSDK_CONF_DIR> to the absolute path of the jindofs.cfg configuration file.

      export JINDOSDK_CONF_DIR=<JINDOSDK_CONF_DIR>
  4. Set directory protection.

    The following example shows how to set directory protection for the /path/to/dir1 and /path/to/dir2 directories in a bucket named examplebucket in the China (Hangzhou) region.

    ./jindofs admin -putConfig -dlsUri oss://examplebucket.cn-hangzhou.oss-dls.aliyuncs.com/  -conf fs.protected.directories=/path/to/dir1,/path/to/dir2
    Note
    • The directory paths must be absolute paths that start with a forward slash (/). Separate multiple paths with commas (,).

    • If the command returns no output, the setting is successful. The feature takes effect within 30 seconds.

  5. (Optional) Query the protected directories.

    ./jindofs admin -getConfig -dlsUri oss://examplebucket.cn-hangzhou.oss-dls.aliyuncs.com/ -name fs.protected.directories

    Sample output:

    fs.protected.directories: /path/to/dir1,/path/to/dir2
  6. (Optional) If you need to rename or delete a protected directory, you can remove its protection.

    Important

    The following command removes protection from all directories in the current bucket. You cannot use this command to remove protection from specific directories.

    ./jindofs admin -putConfig -dlsUri oss://examplebucket.cn-hangzhou.oss-dls.aliyuncs.com/ -conf fs.protected.directories=