hadoop-hdfs-issues mailing list archives

From Íñigo Goiri (JIRA) <j...@apache.org>
Subject [jira] [Commented] (HDFS-12895) RBF: Add ACL support for mount table
Date Sat, 30 Dec 2017 02:33:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16306648#comment-16306648 ]

Íñigo Goiri commented on HDFS-12895:
------------------------------------

I was thinking that we could actually use the EXECUTE permissions. When a client tries to
access a path, we could check the x ACL of the mount point and throw an exception. This would
allow RBF to block some users from accessing some mount points. I see a couple of issues like:
* Is the semantics clear or a little convoluted?
* What happens with sub mount points? 

Is this worth opening a JIRA? 

> RBF: Add ACL support for mount table
> ------------------------------------
>
>                 Key: HDFS-12895
>                 URL: https://issues.apache.org/jira/browse/HDFS-12895
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>    Affects Versions: 3.0.0-alpha3
>            Reporter: Yiqun Lin
>            Assignee: Yiqun Lin
>              Labels: RBF, incompatible
>             Fix For: 3.1.0, 2.10.0, 2.9.1, 3.0.1
>
>         Attachments: HDFS-12895-branch-2.001.patch, HDFS-12895.001.patch, HDFS-12895.002.patch, HDFS-12895.003.patch, HDFS-12895.004.patch, HDFS-12895.005.patch, HDFS-12895.006.patch, HDFS-12895.007.patch
>
>
> Adding ACL support for the Mount Table management. Following is the initial design of ACL control for the mount table management.
> Each mount table has its owner, group name and permission.
> The mount table permissions (FsPermission), here we use {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check:
> # READ permission: you can read the mount table info.
> # WRITE permission: you can add, remove or update this mount table info.
> # EXECUTE permission: This won't be used.
> The add command of mount table will be extended like this
> {noformat}
> $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add <source> <nameservice> <destination> [-owner <owner>] [-group <group>] [-mode <mode>]]
> {noformat}
> *<mode> is UNIX-style permissions for the mount table. Permissions are specified in octal, e.g. 0755. By default, this is set to 0755*.
> If we want to update the ACL info of the specified mount table, just execute the add command again. This command not only adds a new mount table but also updates the mount table once it finds that the given mount table already exists.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
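
The sub mount point question from the comment above, worked as an added example (not code from the JIRA, its patches or Hadoop): a Python model of the owner/group/mode check in the issue description, plus the proposed EXECUTE check under two possible semantics. `MountEntry`, `allowed`, `covering`, `can_access` and the sample table are assumptions made for illustration.

```python
from dataclasses import dataclass

READ, WRITE, EXECUTE = 4, 2, 1  # rwx bits of one octal digit of <mode>

@dataclass(frozen=True)
class MountEntry:  # hypothetical model of one mount table entry
    source: str
    owner: str
    group: str
    mode: int = 0o755  # default stated in the issue description

def allowed(entry, user, groups, action):
    """UNIX-style check: pick exactly one class (owner, group, other)."""
    if user == entry.owner:
        bits = entry.mode >> 6
    elif entry.group in groups:
        bits = entry.mode >> 3
    else:
        bits = entry.mode
    return (bits & 7 & action) == action

def covering(table, path):
    """Mount points whose source is the path or an ancestor, shortest first."""
    hits = [e for e in table if e.source == "/" or path == e.source
            or path.startswith(e.source + "/")]
    return sorted(hits, key=lambda e: len(e.source))

def can_access(table, path, user, groups, check_ancestors):
    """Proposed EXECUTE check when the router resolves a client path.
    check_ancestors=False: only the longest matching mount point is checked.
    check_ancestors=True: every covering mount point must grant x."""
    hits = covering(table, path)
    if not hits:
        return False  # assumption: a path with no mount point is denied
    to_check = hits if check_ancestors else hits[-1:]
    return all(allowed(e, user, groups, EXECUTE) for e in to_check)

# Constructed sample: a restricted mount point with an open sub mount point.
TABLE = [
    MountEntry("/data", "alice", "analysts", 0o750),
    MountEntry("/data/public", "alice", "analysts", 0o755),
]

if __name__ == "__main__":
    for mode in (False, True):
        print(mode, can_access(TABLE, "/data/public/f", "bob", set(), mode))
```

For user `bob`, who is neither the owner nor in `analysts`, the two settings disagree on `/data/public/f`: checking only the longest match lets the open sub mount point bypass the restriction on `/data`, while checking every covering mount point does not.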
