Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 48DA918E40 for ; Fri, 10 Jul 2015 06:51:05 +0000 (UTC) Received: (qmail 99991 invoked by uid 500); 10 Jul 2015 06:51:05 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 99934 invoked by uid 500); 10 Jul 2015 06:51:05 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 99920 invoked by uid 99); 10 Jul 2015 06:51:05 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Jul 2015 06:51:05 +0000 Date: Fri, 10 Jul 2015 06:51:04 +0000 (UTC) From: "Vinayakumar B (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HDFS-7582) Enforce maximum number of ACL entries separately per access and default. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-7582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14621842#comment-14621842 ] Vinayakumar B commented on HDFS-7582: ------------------------------------- Thanks [~cnauroth]. Sure, you can take your time for review. > Enforce maximum number of ACL entries separately per access and default. > ------------------------------------------------------------------------ > > Key: HDFS-7582 > URL: https://issues.apache.org/jira/browse/HDFS-7582 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode > Affects Versions: 2.4.0 > Reporter: Vinayakumar B > Assignee: Vinayakumar B > Attachments: HDFS-7582-001.patch, HDFS-7582-01.patch > > > Current ACL limits are only on the total number of entries. > But there can be a situation where number of default entries for a directory will be more than half of the maximum entries, i.e. > 16. > In such case, under this parent directory only files can be created which will have ACLs inherited using parent's default entries. > But when directories are created, total number of entries will be more than the maximum allowed, because sub-directories copies both inherited ACLs as well as default entries. > Since currently there is no check while copying ACLs from default ACLs directory creation succeeds, but any modification (only permission on one entry also) on the same ACL will fail. > It would be better to enforce the maximum of 32 entries separately per access and default. This would be consistent with our observations testing ACLs on other file systems, such as XFS and ext3. -- This message was sent by Atlassian JIRA (v6.3.4#6332)