hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Patrick McCabe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5117) Allow the owner of an HDFS path to be a group
Date Thu, 22 Aug 2013 01:32:53 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13747138#comment-13747138
] 

Colin Patrick McCabe commented on HDFS-5117:
--------------------------------------------

OK, I can see that you want two groups.  I missed that when reading the original description.
 Sorry.  Still, I think you can accomplish this without any code changes.

Create two groups: "readers" and "writers."

Then if you have a directory structure like this: /items/file

You set /items to have group = readers, mode = 750, and /items/file to have group = writers,
mode = 754.

Users not in readers cannot access the file.  Users in readers but not in writers can see
the file, but not access it.  Users in writers can write to the file.

We are going to implement ACLs at some point (see HDFS-4685).  I think that it would be better
to implement real ACLs than add hacks, since we'll have to maintain them going forward.
                
> Allow the owner of an HDFS path to be a group
> ---------------------------------------------
>
>                 Key: HDFS-5117
>                 URL: https://issues.apache.org/jira/browse/HDFS-5117
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: hdfs-client
>            Reporter: Ryan Hennig
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> At eBay, we have the need to associate some HDFS paths with a set of users with write
access, a set of users with read-only access, and neither read or write to others.
> The current model of POSIX-style permissions is nearly sufficient for this, except for
the need of multiple writers.
> One easy fix would be to allow the owner of a path to be a group, and then grant owner
permissions to all members of that group.  I have verified that HDP 1.3 allows you to set
the owner of a path to a group without error, but the owner permissions of that group are
not given to members of the group.
> I've created a relatively simple fix for this by modifying the "check" method in src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
and I am working on related changes to unit tests etc now.
> - Ryan

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message