Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 35A0F10E85 for ; Sat, 16 May 2015 21:38:01 +0000 (UTC) Received: (qmail 47247 invoked by uid 500); 16 May 2015 21:38:01 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 47196 invoked by uid 500); 16 May 2015 21:38:01 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 47184 invoked by uid 99); 16 May 2015 21:38:00 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 16 May 2015 21:38:00 +0000 Date: Sat, 16 May 2015 21:38:00 +0000 (UTC) From: "Chris Nauroth (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HDFS-7582) Enforce maximum number of ACL entries separately per access and default. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-7582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Chris Nauroth updated HDFS-7582: -------------------------------- Status: Open (was: Patch Available) > Enforce maximum number of ACL entries separately per access and default. > ------------------------------------------------------------------------ > > Key: HDFS-7582 > URL: https://issues.apache.org/jira/browse/HDFS-7582 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode > Affects Versions: 2.4.0 > Reporter: Vinayakumar B > Assignee: Vinayakumar B > Attachments: HDFS-7582-001.patch > > > Current ACL limits are only on the total number of entries. > But there can be a situation where number of default entries for a directory will be more than half of the maximum entries, i.e. > 16. > In such case, under this parent directory only files can be created which will have ACLs inherited using parent's default entries. > But when directories are created, total number of entries will be more than the maximum allowed, because sub-directories copies both inherited ACLs as well as default entries. > Since currently there is no check while copying ACLs from default ACLs directory creation succeeds, but any modification (only permission on one entry also) on the same ACL will fail. > It would be better to enforce the maximum of 32 entries separately per access and default. This would be consistent with our observations testing ACLs on other file systems, such as XFS and ext3. -- This message was sent by Atlassian JIRA (v6.3.4#6332)