hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Patrick McCabe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5899) Add configuration flag to disable/enable support for ACLs.
Date Mon, 10 Feb 2014 18:32:23 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13896821#comment-13896821
] 

Colin Patrick McCabe commented on HDFS-5899:
--------------------------------------------

bq. dfs.permissions.enabled continues to work as expected, suppressing permission checks if
set to false, whether the permissions are defined via permission bits or ACLs.
bq. The superuser is still immune to all permission checks, whether they come from permission
bits or ACLs.
bq. If ACLs are not in use, then permission checks go through the exact same code path that
we have in FSPermissionChecker today. We go down a separate path only if the inode has an
ACL.

That makes sense to me.

bq. When ACLs are disabled, all APIs related to ACLs will fail intentionally, an fsimage containing
an ACL will cause the NameNode to abort during startup, and ACLs present in the edit log will
cause the NameNode to abort. 

bq. Existing ACLs never get wiped automatically. This recovery procedure is a conscious decision
by the cluster admin.

I agree that we should never wipe ACLs automatically.  But what's the problem with just not
enforcing them when {{dfs.namenode.acls.enabled}} is false?  Why do we have to fail to start
up?  That seems like it will introduce problems for admins.

bq. If ACLs accidentally crept into the fsimage or edits (i.e. accidentally started with ACLs
enabled, but now the admin wants to switch them off), then the recovery procedure would be
to restart with ACLs enabled, remove all ACLs, save a new checkpoint, and then restart with
ACLs disabled.

How do you propose that the admin do this?

> Add configuration flag to disable/enable support for ACLs.
> ----------------------------------------------------------
>
>                 Key: HDFS-5899
>                 URL: https://issues.apache.org/jira/browse/HDFS-5899
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>             Fix For: HDFS ACLs (HDFS-4685)
>
>         Attachments: HDFS-5899.1.patch, HDFS-5899.2.patch
>
>
> Add a new configuration property that allows administrators to toggle support for HDFS
ACLs on/off.  By default, the flag will be off.  This is a conservative choice, and administrators
interested in using ACLs can enable it explicitly.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message