hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5899) Add configuration flag to disable/enable support for ACLs.
Date Tue, 11 Feb 2014 01:05:22 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13897387#comment-13897387

Chris Nauroth commented on HDFS-5899:

Both [~cmccabe] and [~wheat9] have expressed concerns about causing pain for administrators
if we have code that aborts intentionally while loading fsimage or edits, so I think I need
to reconsider this.

Regarding skipping enforcement, my concern is the risk of unintentionally widening permissions
due to interactions with the mask entry.  (The full explanation is in my prior comment.)

Here is a compromise proposal.  Let's reject the API calls when {{dfs.namenode.acls.enabled}}
is false, but let's still load *and enforce* all existing ACLs found in fsimage or edits.
 I expect that addresses the concerns about administrative pain, and it addresses my concerns
about weakening enforcement.  This does mean that the config flag is not a hard restriction,
but admins who really want to nuke all ACLs can still use the procedure I described, and I
expect this to be a rare occurrence.

It looks like an acceptable compromise to me.  Do others agree?  If so, then I'll file a new
issue for the change.  Thank you, Colin and Haohui.

> Add configuration flag to disable/enable support for ACLs.
> ----------------------------------------------------------
>                 Key: HDFS-5899
>                 URL: https://issues.apache.org/jira/browse/HDFS-5899
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>             Fix For: HDFS ACLs (HDFS-4685)
>         Attachments: HDFS-5899.1.patch, HDFS-5899.2.patch
> Add a new configuration property that allows administrators to toggle support for HDFS
ACLs on/off.  By default, the flag will be off.  This is a conservative choice, and administrators
interested in using ACLs can enable it explicitly.

This message was sent by Atlassian JIRA

View raw message