hadoop-hdfs-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joey Echeverria <j...@cloudera.com>
Subject Re: Apply ACL on file level in Hadoop Cluster
Date Fri, 20 Jan 2012 00:50:14 GMT
I'm pretty sure standard FS ACLs won't work because fuse_dfs doesn't
provide xattr support. The way I would probably handle this is with
Hoop (httpfs) or webhdfs. I'd put another web server in front of them
to proxy and implement the ACLs, filtering rules there. It wouldn't
support webdav out of the box, but if you really needed support you
could probably make it work. As an FYI, libHDFS (which fuse_dfs is
based on) is likely to be re-written to make use of webhdfs instead of
JNI. There's an open JIRA for it, but the number escapes me at the


On Wed, Jan 18, 2012 at 11:18 AM, Stuti Awasthi <stutiawasthi@hcl.com> wrote:
> Hi Joey,
> I shall explain my use-case in detail. So basically I will be storing files in HDFS in
different directory structure and there will be multiple users who can access those files.
> What I have initially thought that I will mount my HDFS , apply ACL and LDAP on mounted
HDFS drive and expose the urls to the users via Webdav. So users can access the HDFS as mounted
drive or through http url.
> This way suppose I have a directory in HDFS which contain 2 files A.txt and B.txt and
there are 2 users John, Bella. Say John have access permission to A.txt and Bella have permission
on B.txt. Each user will have http url to access the HDFS directory. I want that when John
and Bella access the webdav url /mounted drive, they will see only those files in which they
have access.
> I do not want that users which have access on a directory level can see all the inner
content even if they do not have access permission on them.
> I thought of attaining it using ACL's . Is there any other way through which I can achieve
this goal of mine.
> Any ideas and suggestions are welcome.
> -----Original Message-----
> From: Joey Echeverria [mailto:joey@cloudera.com]
> Sent: Wednesday, January 18, 2012 6:34 PM
> To: hdfs-user@hadoop.apache.org
> Subject: Re: Apply ACL on file level in Hadoop Cluster
> HDFS only supports Unix style read, write execute permissions. What style of ACLs do
you want to apply?
> -Joey
> On Wed, Jan 18, 2012 at 7:55 AM, Stuti Awasthi <stutiawasthi@hcl.com> wrote:
>> Thanks Alex,
>> Yes, I wanted to apply ACL's on every file/directory created on HDFS. Is there absolutely
no way to achieve that either by conf files or on mounted drive ??
>> -----Original Message-----
>> From: alo alt [mailto:wget.null@googlemail.com]
>> Sent: Wednesday, January 18, 2012 6:13 PM
>> To: hdfs-user@hadoop.apache.org
>> Subject: Re: Apply ACL on file level in Hadoop Cluster
>> Stuti,
>> HDFS does not support ACL's, I assume you mean ACL per file / directory / dataset?
I know only Accumulo (http://wiki.apache.org/incubator/AccumuloProposal) which is supporting
>> - Alex
>> --
>> Alexander Lorenz
>> http://mapredit.blogspot.com
>> On Jan 18, 2012, at 1:25 PM, Stuti Awasthi wrote:
>>> Hi All,
>>> I wanted to apply ACL on per file level in Hadoop Cluster i.e. I want to apply
ACL's on every file which is present in Hadoop Cluster.
>>> I tried mounting HDFS using fuse_dfs , that works fine. Now HDFS is a
>>> mounted drive I thought it is easy to apply ACL as we do on normal
>>> directory in Linux but I was wrong. I think FUSE does not support ACL
>>> How can I achieve that? It can work any way for me either by configuration file
setting or applying ACL on mounted drive.
>>> Regards,
>>> Stuti Awasthi
>>> ---------------------------------------------------------------------
>>> -
>>> -------------------------------------------------
>>> The contents of this e-mail and any attachment(s) are confidential and intended
for the named recipient(s) only.
>>> It shall not attach any liability on the originator or HCL or its
>>> affiliates. Any views or opinions presented in this email are solely those of
the author and may not necessarily reflect the opinions of HCL or its affiliates.
>>> Any form of reproduction, dissemination, copying, disclosure,
>>> modification, distribution and / or publication of this message
>>> without the prior written consent of the author of this e-mail is
>>> strictly prohibited. If you have received this email in error please delete it
and notify the sender immediately. Before opening any mail and attachments please check them
for viruses and defect.
>>> ---------------------------------------------------------------------
>>> -
>>> -------------------------------------------------
> --
> Joseph Echeverria
> Cloudera, Inc.
> 443.305.9434

Joseph Echeverria
Cloudera, Inc.

View raw message