hadoop-hdfs-issues mailing list archives

From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-7389) Named user ACL cannot stop the user from accessing the FS entity.
Date Tue, 11 Nov 2014 17:49:34 GMT

     [ https://issues.apache.org/jira/browse/HDFS-7389?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Chris Nauroth updated HDFS-7389:
    Hadoop Flags: Reviewed

Thank you for reporting this, [~chunjun.xiao].

[~vinayrpet], the patch looks good.  It looks like 2 Jenkins runs interfered with each other,
something that I've seen causing trouble lately.  I've triggered a fresh Jenkins run here:


+1 pending the new Jenkins run.  Thank you!

> Named user ACL cannot stop the user from accessing the FS entity.
> -----------------------------------------------------------------
>                 Key: HDFS-7389
>                 URL: https://issues.apache.org/jira/browse/HDFS-7389
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.5.1
>            Reporter: Chunjun Xiao
>            Assignee: Vinayakumar B
>         Attachments: HDFS-7389-001.patch, HDFS-7389-002.patch
> In http://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/:
> {quote}
> It’s important to keep in mind the order of evaluation for ACL entries when a user attempts to access a file system object:
> 1. If the user is the file owner, then the owner permission bits are enforced.
> 2. Else if the user has a named user ACL entry, then those permissions are enforced.
> 3. Else if the user is a member of the file’s group or any named group in an ACL entry, then the union of permissions for all matching entries are enforced.  (The user may be a member of multiple groups.)
> 4. If none of the above were applicable, then the other permission bits are enforced.
> {quote}
> Assume we have a user UserA from group GroupA, if we config a directory as following ACL entries:
> group:GroupA:rwx
> user:UserA:---
> According to the design spec above, userA should have no access permission to the file object, while actually userA still has rwx access to the dir.
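
The four-step evaluation order quoted in the issue, written out as a small model so the expected result for the reported ACL can be checked. This is an added example, not code from the HDFS patch or from Hadoop; the `Inode` class, the function names and the sample owner/group values are hypothetical, and the ACL mask is left out because the quoted steps do not cover it.

```python
from dataclasses import dataclass, field


@dataclass
class Inode:
    owner: str
    group: str
    owner_perm: str                                    # e.g. "rwx"
    group_perm: str
    other_perm: str
    named_users: dict = field(default_factory=dict)    # user  -> perm string
    named_groups: dict = field(default_factory=dict)   # group -> perm string


def effective_perm(inode, user, user_groups):
    """Return the permission string enforced for `user` per the quoted steps."""
    # 1. The file owner gets the owner permission bits.
    if user == inode.owner:
        return inode.owner_perm
    # 2. A named user entry is decisive, even when it grants nothing ("---").
    if user in inode.named_users:
        return inode.named_users[user]
    # 3. Union of the file's group entry and every matching named group entry.
    matching = []
    if inode.group in user_groups:
        matching.append(inode.group_perm)
    matching += [p for g, p in inode.named_groups.items() if g in user_groups]
    if matching:
        return "".join(c if any(c in p for p in matching) else "-" for c in "rwx")
    # 4. Nothing matched: the other permission bits apply.
    return inode.other_perm


def can(inode, user, user_groups, want):
    """True if every permission character in `want` is granted to `user`."""
    perm = effective_perm(inode, user, user_groups)
    return all(c in perm for c in want)


def sample_dir():
    # Constructed sample: the two ACL entries from the report on a directory
    # whose owner, group and base permission bits are made up for illustration.
    return Inode(owner="hdfs", group="supergroup",
                 owner_perm="rwx", group_perm="r-x", other_perm="r--",
                 named_users={"UserA": "---"},
                 named_groups={"GroupA": "rwx"})
```

Under this model UserA is stopped at step 2 and never reaches the `group:GroupA:rwx` entry, which is the behaviour the reporter expected; any other member of GroupA still gets rwx.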
