hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen O'Donnell (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
Date Mon, 19 Feb 2018 16:55:00 GMT
Stephen O'Donnell created HDFS-13170:
----------------------------------------

             Summary: Port webhdfs unmaskedpermission parameter to HTTPFS
                 Key: HDFS-13170
                 URL: https://issues.apache.org/jira/browse/HDFS-13170
             Project: Hadoop HDFS
          Issue Type: Improvement
            Reporter: Stephen O'Donnell


HDFS-6962 fixed a long standing issue where default ACLs are not correctly applied to files
when they are created from the hadoop shell.

With this change, if you create a file with default ACLs against the parent directory, with
dfs.namenode.posix.acl.inheritance.enabled=false, the result is:

{code}
# file: /test_acl/file_from_shell_off
# owner: user1
# group: supergroup
user::rw-
user:user1:rwx    #effective:r--
user:user2:rwx    #effective:r--
group::r-x    #effective:r--
group:users:rwx    #effective:r--
mask::r--
other::r--
{code}

And if you enable this, to fix the bug above, the result is as you would expect:


{code}
# file: /test_acl/file_from_shell
# owner: user1
# group: supergroup
user::rw-
user:user1:rwx    #effective:rw-
user:user2:rwx    #effective:rw-
group::r-x    #effective:r--
group:users:rwx    #effective:rw-
mask::rw-
other::r--
{code}

If I then create a file over HTTPFS or webHDFS, the behaviour is not the same as above:


{code}
# file: /test_acl/default_permissions
# owner: user1
# group: supergroup
user::rwx
user:user1:rwx    #effective:r-x
user:user2:rwx    #effective:r-x
group::r-x
group:users:rwx    #effective:r-x
mask::r-x
other::r-x
{code}

Notice the mask is set to r-x and this remove the write permission on the new file.

As part of HDFS-6962 a new parameter was added to webhdfs 'unmaskedpermission'. By passing
it to a webhdfs call, it can result in the same behaviour as when a file is written from the
CLI:

{code}
curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"  "http://host-10-17-103-28.coe.cloudera.comnamenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE&user.name=user1&namenoderpcaddress=namenode:8020&overwrite=false&unmaskedpermission=770"

# file: /test_acl/unmasked__770
# owner: user1
# group: supergroup
user::rwx
user:user1:rwx
user:user2:rwx
group::r-x
group:users:rwx
mask::rwx
other::---
{code}

However, this parameter was never ported to HTTPFS.

This Jira is to replicate the same changes to HTTPFS so this parameter is available there
too.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message