hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4685) Implementation of ACLs in HDFS
Date Thu, 12 Feb 2015 06:29:12 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14317691#comment-14317691

Chris Nauroth commented on HDFS-4685:

Actually, there is one more implementation detail to consider.  When a file does have an ACL,
then the owning group permissions are stored in an ACL entry, not the group permission bits.
 Instead, the group permission bits are used to the store the ACL mask.  The reason for this
is that it provides a conservative solution to the problem of applications that change permissions
but are unaware of ACLs, most notably {{chmod}}.  Running something like a {{chmod g-r}} actually
removes read permissions from the mask entry (unbeknownst to {{chmod}}).  This way, the modification
is performed for the entire "group class", which is the unnamed group entry, all named group
entries, and all named user entries.

For a more detailed rationale of this behavior, see the POSIX ACL documentation that I referenced
a lot from the HDFS ACLs design document:


The HDFS code that implements this is in the {{AclStorage}} class.

> Implementation of ACLs in HDFS
> ------------------------------
>                 Key: HDFS-4685
>                 URL: https://issues.apache.org/jira/browse/HDFS-4685
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: hdfs-client, namenode, security
>    Affects Versions: 1.1.2
>            Reporter: Sachin Jose
>            Assignee: Chris Nauroth
>             Fix For: 2.4.0
>         Attachments: HDFS-4685-branch-2.1.patch, HDFS-4685.1.patch, HDFS-4685.2.patch,
HDFS-4685.3.patch, HDFS-4685.4.patch, HDFS-ACLs-Design-1.pdf, HDFS-ACLs-Design-2.pdf, HDFS-ACLs-Design-3.pdf,
Test-Plan-for-Extended-Acls-1.pdf, Test-Plan-for-Extended-Acls-2.pdf
> Currenly hdfs doesn't support Extended file ACL. In unix extended ACL can be achieved
using getfacl and setfacl utilities. Is there anybody working on this feature ?

This message was sent by Atlassian JIRA

View raw message