Date: Wed, 13 Dec 2017 19:57:00 +0000 (UTC)
From: Íñigo Goiri (JIRA)
To: hdfs-issues@hadoop.apache.org
Subject: [jira] [Comment Edited] (HDFS-12895) RBF: Add ACL support for mount table

    [ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289556#comment-16289556 ]

Íñigo Goiri edited comment on HDFS-12895 at 12/13/17 7:56 PM:
--------------------------------------------------------------

Thanks [~linyiqun] for taking care of the comments. A couple more based on [^HDFS-12895.005.patch]:
* It seems we are defaulting to nulls when nothing there. The entries created early still show without permissions. We probably want to check for empty {{getMode()}} at {{MountTableImpl}}. Not sure about user and group; show a default one? Super user?
This is what I currently get for old entries:
{code}
Mount Table Entries:
Source                    Destinations              Owner                     Group                     Mode
/                         ns0->/                    null                      null                      ---------
/ns0                      ns0->/                    null                      null                      ---------
/ns1                      ns1->/                    null                      null                      ---------
/ns2                      ns2->/                    null                      null                      ---------
/ns3                      ns3->/                    null                      null                      ---------
{code}
* {{removeMountTableEntry()}} could initialize {{deleteEntry}} right away without the null: {{final MountTable deleteEntry = getDriver().get(getRecordClass(), query);}}
* For consistency, {{removeMountTableEntry()}} could do the same order of {{if}} as {{addMountTableEntry()}} and {{updateMountTableEntry()}} and avoid the {{pc}} init if no entry. In addition, the check status could use this if structure:
{code}
boolean status = false;
if (deleteEntry != null) {
  RouterPermissionChecker pc = RouterAdminServer.getPermissionChecker();
  if (pc != null) {
    pc.checkPermission(deleteEntry, FsAction.WRITE);
  }
  status = getDriver().remove(deleteEntry);
}
{code}
* Typo in the name {{testMountTableDefalutACL}}
* Internally this fails {{assertEquals(ugi.getShortUserName(), mountTable.getGroupName());}}, I think it shouldn't be {{getShortUserName()}} to compare with the group.

Other than this, this is ready to go.


was (Author: elgoiri):
Thanks [~linyiqun] for taking care of the comments. A couple more based on [^HDFS-12895.005.patch]:
* It seems we are defaulting to nulls when nothing there. The entries created early still show without permissions. We probably want to check for empty {{getMode()}} at {{MountTableImpl}}. Not sure about user and group; show a default one? Super user?
This is what I currently get for old entries:
{code}
Mount Table Entries:
Source                    Destinations              Owner                     Group                     Mode
/                         ns0->/                    null                      null                      ---------
/ns0                      ns0->/                    null                      null                      ---------
/ns1                      ns1->/                    null                      null                      ---------
/ns2                      ns2->/                    null                      null                      ---------
/ns3                      ns3->/                    null                      null                      ---------
{code}
* {{removeMountTableEntry()}} could initialize {{deleteEntry}} right away without the null: {{final MountTable deleteEntry = getDriver().get(getRecordClass(), query);}}
* For consistency, {{removeMountTableEntry()}} could do the same order of {{if}} as {{addMountTableEntry()}} and {{updateMountTableEntry()}} and avoid the {{pc}} init if no entry. In addition, the check status could use this if structure:
{code}
boolean status = false;
if (deleteEntry != null) {
  RouterPermissionChecker pc = RouterAdminServer.getPermissionChecker();
  if (pc != null) {
    pc.checkPermission(deleteEntry, FsAction.WRITE);
  }
  status = getDriver().remove(deleteEntry);
}
{code}
* Typo in the name {{testMountTableDefalutACL}}

Other than this, this is ready to go.

> RBF: Add ACL support for mount table
> ------------------------------------
>
>                 Key: HDFS-12895
>                 URL: https://issues.apache.org/jira/browse/HDFS-12895
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>    Affects Versions: 3.0.0-alpha3
>            Reporter: Yiqun Lin
>            Assignee: Yiqun Lin
>              Labels: RBF
>         Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, HDFS-12895.003.patch, HDFS-12895.004.patch, HDFS-12895.005.patch
>
>
> Adding ACL support for the Mount Table management. Following is the initial design of ACL control for the mount table management.
> Each mount table has its owner, group name and permission.
> The mount table permissions (FsPermission), here we use {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check:
> # READ permission: you can read the mount table info.
> # WRITE permission: you can add, remove or update this mount table info.
> # EXECUTE permission: This won't be used.
> The add command of mount table will be extended like this
> {noformat}
> $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add [-owner ] [-group ] [-mode ]]
> {noformat}
> * is UNIX-style permissions for the mount table. Permissions are specified in octal, e.g. 0755. By default, this is set to 0755*.
> If we want to update the ACL info of the specified mount table, just execute the add command again. This command not only adds a new mount table but also updates the mount table once it finds the given mount table already exists.
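
Added example, not part of the original message or of the HDFS-12895 patch: a stand-alone Java (16+) model of the mount table access check discussed above, which resolves the null owner, group and mode of legacy entries before the decision and checks WRITE on removal only when the entry exists. `Entry`, `Caller`, the `hdfs`/`supergroup` defaults and the owner/group/other class selection are assumptions for illustration; the 0755 default mode is the one stated in the issue description.

```java
import java.util.*;

// Stand-alone model: Entry, Caller and the defaults are hypothetical, not Hadoop classes.
public class MountTableAclDemo {
  static final int READ = 4, WRITE = 2;
  static final short DEFAULT_MODE = 0755;  // default stated in the issue description
  static final String SUPERUSER = "hdfs", SUPERGROUP = "supergroup";  // assumptions

  record Entry(String src, String owner, String group, Short mode) {
    // Legacy records carry nulls; resolve them before any access decision.
    String ownerOrDefault() { return owner != null ? owner : SUPERUSER; }
    String groupOrDefault() { return group != null ? group : SUPERGROUP; }
    short modeOrDefault() { return mode != null ? mode : DEFAULT_MODE; }
  }
  record Caller(String user, Set<String> groups) {}

  // UNIX-style check: exactly one class (owner, group, other) applies.
  static boolean permits(Entry e, Caller c, int action) {
    int mode = e.modeOrDefault();
    int bits = c.user().equals(e.ownerOrDefault()) ? (mode >> 6) & 7
        : c.groups().contains(e.groupOrDefault()) ? (mode >> 3) & 7
        : mode & 7;
    return (bits & action) == action;
  }

  // Same shape as the snippet in the comment: look up, check WRITE only if found, remove.
  static boolean remove(Map<String, Entry> store, String src, Caller c) {
    final Entry deleteEntry = store.get(src);
    boolean status = false;
    if (deleteEntry != null) {
      if (!permits(deleteEntry, c, WRITE)) {
        throw new SecurityException("WRITE denied on " + src + " for " + c.user());
      }
      status = store.remove(src) != null;
    }
    return status;
  }

  public static void main(String[] args) {
    Map<String, Entry> store = new HashMap<>();
    store.put("/ns0", new Entry("/ns0", null, null, null));             // constructed legacy entry
    store.put("/ns1", new Entry("/ns1", "alice", "etl", (short) 0775)); // constructed
    Caller bob = new Caller("bob", Set.of("etl"));
    System.out.println("read /ns0: " + permits(store.get("/ns0"), bob, READ));
    System.out.println("remove /ns1: " + remove(store, "/ns1", bob));
    System.out.println("remove /missing: " + remove(store, "/missing", bob));
    try { remove(store, "/ns0", bob); }
    catch (SecurityException ex) { System.out.println(ex.getMessage()); }
  }
}
```

With these defaults a legacy entry stays readable by everyone but writable only by the assumed superuser, so entries created before the ACL fields existed fail closed for modification.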