hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen O'Donnell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
Date Wed, 21 Feb 2018 15:54:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16371569#comment-16371569
] 

Stephen O'Donnell edited comment on HDFS-13170 at 2/21/18 3:53 PM:
-------------------------------------------------------------------

These tests were not flagged as failing in the last run and I have only fixed style issues
in the updated patch. I ran the failing test class and it failed locally for me with the same
errors. I checked out trunk and the same errors exist there too. I don't *think* the failure
is related to the patch.


was (Author: sodonnell):
The tests passed in the last run, and passed when I re-ran locally. These are existing tests
and I don't think the changes here would affect them. I guess we can see on another run if
they pass or fail consistently.

> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---------------------------------------------------
>
>                 Key: HDFS-13170
>                 URL: https://issues.apache.org/jira/browse/HDFS-13170
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>    Affects Versions: 3.2.0
>            Reporter: Stephen O'Donnell
>            Assignee: Stephen O'Donnell
>            Priority: Major
>         Attachments: HDFS-13170.001.patch, HDFS-13170.002.patch
>
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly applied to
files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent directory,
with dfs.namenode.posix.acl.inheritance.enabled=false, the result is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx    #effective:r--
> user:user2:rwx    #effective:r--
> group::r-x    #effective:r--
> group:users:rwx    #effective:r--
> mask::r--
> other::r--
> {code}
> And if you enable this, to fix the bug above, the result is as you would expect:
> {code}
> # file: /test_acl/file_from_shell
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx    #effective:rw-
> user:user2:rwx    #effective:rw-
> group::r-x    #effective:r--
> group:users:rwx    #effective:rw-
> mask::rw-
> other::r--
> {code}
> If I then create a file over HTTPFS or webHDFS, the behaviour is not the same as above:
> {code}
> # file: /test_acl/default_permissions
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx    #effective:r-x
> user:user2:rwx    #effective:r-x
> group::r-x
> group:users:rwx    #effective:r-x
> mask::r-x
> other::r-x
> {code}
> Notice the mask is set to r-x and this remove the write permission on the new file.
> As part of HDFS-6962 a new parameter was added to webhdfs 'unmaskedpermission'. By passing
it to a webhdfs call, it can result in the same behaviour as when a file is written from the
CLI:
> {code}
> curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"  "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE&user.name=user1&namenoderpcaddress=namenode:8020&overwrite=false&unmaskedpermission=770"
> # file: /test_acl/unmasked__770
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::---
> {code}
> However, this parameter was never ported to HTTPFS.
> This Jira is to replicate the same changes to HTTPFS so this parameter is available there
too.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message