hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vinayakumar B (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7582) Limit the number of default ACL entries to Half of maximum entries (16)
Date Thu, 08 Jan 2015 10:21:36 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14269141#comment-14269141
] 

Vinayakumar B commented on HDFS-7582:
-------------------------------------

Hi [~cnauroth], Thanks for checking.
I have also verified again, but my results shows different behaviour in this context. Also
there is a chance that this could be distribution specific. I have verified in CentOS distribution.

In My test of POSIX ACLs, the limit of 25 were separately applied on ACCESS and DEFAULT entries,
so totally there could be 50 entries.
So when the child directory created, it also will have max of 50 entries, 25 ACCESS and 25
DEFAULT. So there is no violation here.

But in HDFS ACLs, the limit is applied is on whole. This has to match the POSIX behaviour.
There are 2 possibilities to handle current case.
1. Apply the EXISTING limit (32) separately on ACCESS and DEFAULT. This will increase the
NN Memory.
2. Restrict only DEFAULT entries to 16, and whole to 32. This could have backward compatibility
issue if already existing default entries are more than 16, of course thats not correct, still
i t wont throw any error while creating the child and inheriting the ACLs.

Any thoughts?

FYR,
{noformat}[vinay@server2 ~]$ getfacl testAcl/
# file: testAcl/
# owner: vinay
# group: vinay
user::rwx
user:root:rwx
user:bin:rwx
user:daemon:rwx
user:adm:rwx
user:lp:rwx
user:sync:rwx
user:shutdown:rwx
user:halt:rwx
user:mail:rwx
user:operator:rwx
user:games:rwx
user:ftp:rwx
user:ntp:rwx
user:avahi:rwx
user:dbus:rwx
user:nobody:rwx
user:usbmuxd:rwx
user:abrt:rwx
user:colord:rwx
user:unbound:rwx
user:polkitd:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:user:bin:rwx
default:user:daemon:rwx
default:user:adm:rwx
default:user:lp:rwx
default:user:sync:rwx
default:user:shutdown:rwx
default:user:halt:rwx
default:user:mail:rwx
default:user:operator:rwx
default:user:games:rwx
default:user:ftp:rwx
default:user:ntp:rwx
default:user:avahi:rwx
default:user:dbus:rwx
default:user:nobody:rwx
default:user:usbmuxd:rwx
default:user:abrt:rwx
default:user:colord:rwx
default:user:unbound:rwx
default:user:polkitd:rwx
default:group::rwx
default:mask::rwx
default:other::r-x{noformat}

> Limit the number of default ACL entries to Half of maximum entries (16)
> -----------------------------------------------------------------------
>
>                 Key: HDFS-7582
>                 URL: https://issues.apache.org/jira/browse/HDFS-7582
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>            Reporter: Vinayakumar B
>            Assignee: Vinayakumar B
>         Attachments: HDFS-7582-001.patch
>
>
> Current ACL limits are only on the total number of entries.
> But there can be a situation where number of default entries for a directory will be
more than half of the maximum entries, i.e. > 16.
> In such case, under this parent directory only files can be created which will have ACLs
inherited using parent's default entries.
> But when directories are created, total number of entries will be more than the maximum
allowed, because sub-directories copies both inherited ACLs as well as default entries.
> Since currently there is no check while copying ACLs from default ACLs directory creation
succeeds, but any modification (only permission on one entry also) on the same ACL will fail.
> So it would be better to restrict the default entries to 16.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message