hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7389) Named user ACL cannot stop the user from accessing the FS entity.
Date Tue, 11 Nov 2014 11:02:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14206283#comment-14206283
] 

Hadoop QA commented on HDFS-7389:
---------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12680760/HDFS-7389-001.patch
  against trunk revision 58e9bf4.

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new or modified
test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

    {color:green}+1 eclipse:eclipse{color}.  The patch built with eclipse:eclipse.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new Findbugs (version
2.0.3) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:red}-1 core tests{color}.  The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs:

                  org.apache.hadoop.hdfs.server.namenode.TestNamenodeRetryCache
                  org.apache.hadoop.hdfs.server.namenode.TestSecondaryNameNodeUpgrade

    {color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/8712//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/8712//console

This message is automatically generated.

> Named user ACL cannot stop the user from accessing the FS entity.
> -----------------------------------------------------------------
>
>                 Key: HDFS-7389
>                 URL: https://issues.apache.org/jira/browse/HDFS-7389
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.5.1
>            Reporter: Chunjun Xiao
>            Assignee: Vinayakumar B
>         Attachments: HDFS-7389-001.patch, HDFS-7389-002.patch
>
>
> In http://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/:
> {quote}
> It’s important to keep in mind the order of evaluation for ACL entries when a user
attempts to access a file system object:
> 1. If the user is the file owner, then the owner permission bits are enforced.
> 2. Else if the user has a named user ACL entry, then those permissions are enforced.
> 3. Else if the user is a member of the file’s group or any named group in an ACL entry,
then the union of permissions for all matching entries are enforced.  (The user may be a member
of multiple groups.)
> 4. If none of the above were applicable, then the other permission bits are enforced.
> {quote}
> Assume we have a user UserA from group GroupA, if we config a directory as following
ACL entries:
> group:GroupA:rwx
> user:UserA:---
> According to the design spec above, userA should have no access permission to the file
object, while actually userA still has rwx access to the dir.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message