hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vinayakumar B (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7582) Enforce maximum number of ACL entries separately per access and default.
Date Mon, 18 May 2015 05:31:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14547548#comment-14547548

Vinayakumar B commented on HDFS-7582:

[~cnauroth], thanks for looking it again.

bq. Now considering all of that, I agree with you that HDFS can make a change so that the
limit is enforced separately per access and default. This is backwards-compatible, because
it does not reduce the number of ACL entries that can be used in existing deployments already.
I'm re-targeting this to 2.8.0 and updating the description to show the new plan.
Sure, we can target it for 2.8.0 and work on it.

> Enforce maximum number of ACL entries separately per access and default.
> ------------------------------------------------------------------------
>                 Key: HDFS-7582
>                 URL: https://issues.apache.org/jira/browse/HDFS-7582
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.4.0
>            Reporter: Vinayakumar B
>            Assignee: Vinayakumar B
>         Attachments: HDFS-7582-001.patch
> Current ACL limits are only on the total number of entries.
> But there can be a situation where number of default entries for a directory will be
more than half of the maximum entries, i.e. > 16.
> In such case, under this parent directory only files can be created which will have ACLs
inherited using parent's default entries.
> But when directories are created, total number of entries will be more than the maximum
allowed, because sub-directories copies both inherited ACLs as well as default entries.
> Since currently there is no check while copying ACLs from default ACLs directory creation
succeeds, but any modification (only permission on one entry also) on the same ACL will fail.
> It would be better to enforce the maximum of 32 entries separately per access and default.
 This would be consistent with our observations testing ACLs on other file systems, such as
XFS and ext3.

This message was sent by Atlassian JIRA

View raw message