Return-Path: X-Original-To: apmail-hadoop-hdfs-dev-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8E1ED10F77 for ; Tue, 11 Feb 2014 00:47:23 +0000 (UTC) Received: (qmail 79639 invoked by uid 500); 11 Feb 2014 00:47:16 -0000 Delivered-To: apmail-hadoop-hdfs-dev-archive@hadoop.apache.org Received: (qmail 79469 invoked by uid 500); 11 Feb 2014 00:47:07 -0000 Mailing-List: contact hdfs-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-dev@hadoop.apache.org Delivered-To: mailing list hdfs-dev@hadoop.apache.org Received: (qmail 79330 invoked by uid 99); 11 Feb 2014 00:46:59 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Feb 2014 00:46:59 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of cnauroth@hortonworks.com designates 209.85.216.176 as permitted sender) Received: from [209.85.216.176] (HELO mail-qc0-f176.google.com) (209.85.216.176) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Feb 2014 00:46:54 +0000 Received: by mail-qc0-f176.google.com with SMTP id e16so11793663qcx.21 for ; Mon, 10 Feb 2014 16:46:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=nn2pVqfS4C4jwIG2nZWejNJkr+prBD27hXxho2VYobY=; b=aG3DhU5mY5NWBf39yntcLhQLx9Sa1k4varlwWUpj6soa6rQl5h+8In249uLWMXjq+D XP08fWeoR7ancUWRUSguHKLscvO4K0RdYiLhx7H4AhLlc2YlYeST8TyFKzyW2UNBk+// hi0gAdsgCzse6Ao9SThkOY2poTUbccs+PUdSFlOg5cuSpKM8ne6kahFUn+fsuQqUzjSq OgcDpIlEUtxGcmNjb1T9pTy4+SSmu0+9xmLRF5BAp1j5QxyXx/PQbWtqcSKQ5VGTkIAK Ie8vvJ8nRgpLQBzRje5+v7Gql+lNIcjEXLXfY+WTK3GbBDDDtmNeUzvCZLH6CDe/HPbN Ta9w== X-Gm-Message-State: ALoCoQm+0LlOFzQ6O1OVoC64qHumEhjVeyUncFrDjcznEjIM0wqbzGQP/bnIqeET3OvH1m9BuxR0FAiwMqHWTBNWJWiObN2FtGcbrZ1bYImVh+iBLj8JTrI= MIME-Version: 1.0 X-Received: by 10.224.26.71 with SMTP id d7mr53365250qac.89.1392079593911; Mon, 10 Feb 2014 16:46:33 -0800 (PST) Received: by 10.96.217.99 with HTTP; Mon, 10 Feb 2014 16:46:33 -0800 (PST) Date: Mon, 10 Feb 2014 16:46:33 -0800 Message-ID: Subject: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk From: Chris Nauroth To: "hdfs-dev@hadoop.apache.org" Content-Type: multipart/alternative; boundary=089e0149c510b1ccc904f216c986 X-Virus-Checked: Checked by ClamAV on apache.org --089e0149c510b1ccc904f216c986 Content-Type: text/plain; charset=US-ASCII Hello everyone, I would like to call a vote to merge HDFS ACLs from branch HDFS-4685 to trunk. HDFS ACLs provide support for finer-grained permissions on files than what users can express today using traditional Unix permission bits. An ACL (Access Control List) consists of a set of ACL entries. Each ACL entry names a specific user or group and grants or denies read, write and execute permissions for that specific user or group. Development of this feature has been tracked in issue HDFS-4685: https://issues.apache.org/jira/browse/HDFS-4685 The current design document is available here: https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf All development work has been committed to the HDFS-4685 feature branch: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/ We're currently working on resolving conflicts with the fsimage protobuf merge, and we expect to complete that work soon. The feature is backwards-compatible. By default, the feature is disabled. A cluster administrator must enable support for ACLs in configuration. There is no impact to existing clusters that choose to leave ACL support disabled. In addition to the existing tests that cover permissions, we've developed more than 200 new tests covering the new ACL get and set APIs through DistributedFileSystem and WebHdfsFileSystem, the new CLI commands, enforcement of ACLs during file access, integration with the existing permissions model, persistence of ACLs to fsimage and edits, and more. We have documented our further system testing plans in a test plan document attached to issue HDFS-4685. I want to thank the numerous contributors who have participated in the branch development up to this point. Code contributors are Vinayakumar B, Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao. Yesha Vora contributed the test plan. The design document incorporates feedback from many community members: Dilli Arumugam, Brandon Li, Haohui Mai, Kevin Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo (Nicholas), SZE and Jing Zhao. Code reviewers on individual patches include Arpit Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing Zhao. This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT. Chris Nauroth Hortonworks http://hortonworks.com/ -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You. --089e0149c510b1ccc904f216c986--