hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-7582) Limit the number of default ACL entries to Half of maximum entries (16)
Date Fri, 08 May 2015 19:08:03 GMT

     [ https://issues.apache.org/jira/browse/HDFS-7582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Chris Nauroth updated HDFS-7582:
    Target Version/s: 3.0.0  (was: 2.8.0)
              Labels:   (was: BB2015-05-TBR)

Hi [~vinayrpet].  Sorry for the long delay replying to this.

If we were to make any change that would restrict the number of ACL entries to a smaller number
than what we allow now, then it would be a backwards-incompatible change.  It's possible that
existing deployments are already dependent on being able to create an ACL that uses the current
limit.  Therefore, I would have to -1 any such change made on the 2.x line.

Do you still want to consider changing this for 3.x?  We'd have the flexibility to make a
backwards-incompatible change there.  If we did that, then I'd still want to make sure that
we can load an existing fsimage/edits that took advantage of today's limits.  I'd want us
to have a JUnit test to verify that, so that people upgrading from 2.x to 3.x won't fail to
load the metadata or silently lose some of their ACL entries.

bq. In My test of POSIX ACLs, the limit of 25 were separately applied on ACCESS and DEFAULT
entries, so totally there could be 50 entries.

I'd have to retest, but I think this is different from the behavior I observed.  It would
be great if we could find a definitive source that defines the limit, but I haven't found
it yet.

> Limit the number of default ACL entries to Half of maximum entries (16)
> -----------------------------------------------------------------------
>                 Key: HDFS-7582
>                 URL: https://issues.apache.org/jira/browse/HDFS-7582
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>            Reporter: Vinayakumar B
>            Assignee: Vinayakumar B
>         Attachments: HDFS-7582-001.patch
> Current ACL limits are only on the total number of entries.
> But there can be a situation where number of default entries for a directory will be
more than half of the maximum entries, i.e. > 16.
> In such case, under this parent directory only files can be created which will have ACLs
inherited using parent's default entries.
> But when directories are created, total number of entries will be more than the maximum
allowed, because sub-directories copies both inherited ACLs as well as default entries.
> Since currently there is no check while copying ACLs from default ACLs directory creation
succeeds, but any modification (only permission on one entry also) on the same ACL will fail.
> So it would be better to restrict the default entries to 16.

This message was sent by Atlassian JIRA

View raw message