hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HDFS-8419) chmod impact user's effective ACL
Date Mon, 18 May 2015 17:11:01 GMT

     [ https://issues.apache.org/jira/browse/HDFS-8419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Chris Nauroth resolved HDFS-8419.
---------------------------------
    Resolution: Not A Problem

Hello, [~sinago].  This behavior is by design.  The documentation mentions that running {{chmod}}
on a file with an ACL actually changes the permissions on the mask entry, which in turn alters
the effective permissions for all extended ACL entries.

http://hadoop.apache.org/docs/r2.7.0/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#ACLs_Access_Control_Lists

This behavior matches with the POSIX ACL model.  The spec that we used as a reference during
development goes into greater detail describing the motivation for the mask entry and its
interaction with applications that are not ACL-aware, such as {{chmod}}.

http://users.suse.com/~agruen/acl/linux-acls/online/

If you want, you can control the mask entry directly by using {{setfacl -m}} and including
a mask entry with the explicit permissions that you want.

> chmod impact user's effective ACL
> ---------------------------------
>
>                 Key: HDFS-8419
>                 URL: https://issues.apache.org/jira/browse/HDFS-8419
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: HDFS
>    Affects Versions: 2.6.0
>            Reporter: zhouyingchao
>            Assignee: zhouyingchao
>
> I set a directory's ACL to assign rwx permission to user h_user1. Later, I used chmod
to change the group permission to r-x. I understand chmod of an acl enabled file would only
change the permission mask. The abnormal thing is that the operation will change the h_user1's
effective ACL from rwx to r-x.
> Following are ACLs before any operaton:
> -----------------------------------------
> \# file: /grptest
> \# owner: hdfs_tst_admin
> \# group: supergroup
> user::rwx
> user:h_user1:rwx
> group::r-x
> mask::rwx
> other::---
> -----------------------------------------
> Following are ACLs after "chmod 750 /grptest"
> -----------------------------------------
> \# file: /grptest
> \# owner: hdfs_tst_admin
> \# group: supergroup
> user::rwx
> user:h_user1:rwx	#effective:r-x
> group::r-x
> mask::r-x
> other::---
> -----------------------------------------
> I'm wondering if this behavior is by design.  If not, I'd like to fix the issue. Thank
you.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message