Return-Path: 
 <user-return-21740-apmail-hadoop-user-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-user-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-user-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 8059C1022D
	for <apmail-hadoop-user-archive@minotaur.apache.org>;
 Sat, 12 Dec 2015 14:55:12 +0000 (UTC)
Received: (qmail 98451 invoked by uid 500); 12 Dec 2015 14:55:07 -0000
Delivered-To: apmail-hadoop-user-archive@hadoop.apache.org
Received: (qmail 98322 invoked by uid 500); 12 Dec 2015 14:55:06 -0000
Mailing-List: contact user-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@hadoop.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@hadoop.apache.org>
List-Post: <mailto:user@hadoop.apache.org>
List-Id: <user.hadoop.apache.org>
Delivered-To: mailing list user@hadoop.apache.org
Received: (qmail 98312 invoked by uid 99); 12 Dec 2015 14:55:06 -0000
Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 12 Dec 2015 14:55:06 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org)
 with ESMTP id 2F032C0052
	for <user@hadoop.apache.org>; Sat, 12 Dec 2015 14:55:06 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 5.5
X-Spam-Level: *****
X-Spam-Status: No, score=5.5 tagged_above=-999 required=6.31
	tests=[HTML_MESSAGE=3, RDNS_NONE=2.5, SPF_PASS=-0.001,
	URIBL_BLOCKED=0.001] autolearn=disabled
Received: from mx1-us-east.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new,
 port 10024)
	with ESMTP id q70jxxniISbY for <user@hadoop.apache.org>;
	Sat, 12 Dec 2015 14:54:58 +0000 (UTC)
Received: from Exchange02.qunarservers.com (unknown [59.151.11.101])
	by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with
 ESMTPS id 08EF142A63
	for <user@hadoop.apache.org>; Sat, 12 Dec 2015 14:51:44 +0000 (UTC)
Received: from EXCHANGE23.qunarservers.com ([fe80::2c7c:3c51:7b63:d774]) by
 Exchange02.qunarservers.com ([2002:3b97:b65::3b97:b65]) with mapi id
 14.03.0224.002; Sat, 12 Dec 2015 22:51:08 +0800
From: =?gb2312?B?wvPK98jZ?= <shurong.mai@qunar.com>
To: "user@hadoop.apache.org" <user@hadoop.apache.org>
Subject: 
 =?gb2312?B?c2VydmljZSBsZXZlbCBhdXRob3JpemF0aW9uIGNoZWNrIHRoZSBjb21iaW5h?=
 =?gb2312?B?dGlvbiBvZiBob3N0IGFuZCB1c2VyIKOoaGFkb29wLTEyNjI4o6k=?=
Thread-Topic: 
 =?gb2312?B?c2VydmljZSBsZXZlbCBhdXRob3JpemF0aW9uIGNoZWNrIHRoZSBjb21iaW5h?=
 =?gb2312?B?dGlvbiBvZiBob3N0IGFuZCB1c2VyIKOoaGFkb29wLTEyNjI4o6k=?=
Thread-Index: AdE07B/bIbPlh1KrQR6vvMB+Krxumw==
Date: Sat, 12 Dec 2015 14:51:08 +0000
Message-ID: 
 <7404AE097F6C3543904DA0C380B20D6626597F@EXCHANGE23.qunarservers.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.86.201.174]
Content-Type: multipart/alternative;
	boundary="_000_7404AE097F6C3543904DA0C380B20D6626597FEXCHANGE23qunarse_"
MIME-Version: 1.0

--_000_7404AE097F6C3543904DA0C380B20D6626597FEXCHANGE23qunarse_
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64

aGkgYWxsLA0KDQpTZXJ2aWNlIGxldmVsIGF1dGhvcml6YXRpb24gaW4gaGFkb29wMi4yLngsaGFk
b29wMi41LngsaGFkb29wMi42LnggY2FuIG9ubHkgY2hlY2sgdGhlIHVzZXIgZnJvbSBjbGllbnQu
IFNlcnZpY2UgbGV2ZWwgYXV0aG9yaXphdGlvbiBpbiBoYWRvb3AyLjcueCBhZGQgdGhlIGZ1bmN0
aW9uIG9mIGNoZWNraW5nIHRoZSBob3N0KGlwKSBmcm9tIGNsaWVudCwgYnV0IG9ubHkgY2FuIGNo
ZWNrIGhvc3QgYW5kIHVzZXIgaW5kZXBlbmRlbnRseSBhbmQgY2Fubm90IGNoZWNrIHRoZSBjb21i
aW5hdGlvbiBvZiBob3N0IGFuZCB1c2VyLg0KDQpJIHN1Ym1pdHRlZCBhIGltcHJvdmVtZW50IGlz
c3VlIGFuZCB0aGUgcGF0Y2ggd2hpY2ggYWRkIHRoZSBmdW5jdGlvbiBvZiBjaGVja2luZyBhdXRo
b3JpemF0aW9uIG9mIHRoZSBjb21iaW5hdGlvbiBvZiBob3N0IGFuZCB1c2VyIGZvciBoYWRvb3Ay
LjIueCwgaGFkb29wMi41LngsIGhhZG9vcDIuNi54IDogaHR0cHM6Ly9pc3N1ZXMuYXBhY2hlLm9y
Zy9qaXJhL2Jyb3dzZS9IQURPT1AtMTI2MjggLg0KDQpBZnRlciBwdXQgdGhlIHBhdGNoLHdlIGNh
biBzZXQgdGhlIGF1dGhvcml6YXRpb24gb2YgaG9zdC11c2VyIHBhaXIgaW4gdGhlIGhhZG9vcC1w
b2xpY3kueG1sLlRha2Ugc2VjdXJpdHkuY2xpZW50LnByb3RvY29sLmFjbCBmb3IgZXhhbXBsZToN
CklmIHdlIG9ubHkgbGV0IHRoZSBoYWRvb3BfdXNlcjEgZnJvbSAxOTIuMTY4LjAuMShpcCkgaGFz
IHRoZSBhdXRob3JpemF0aW9uLCB3ZSBjYW4gc2V0ICJoYWRvb3BfdXNlcjE6MTkyLjE2OC4wLjEi
LiBTbyBoYWRvb3BfdXNlcjEgZnJvbSBvdGhlciBob3N0IGJ1dCAxOTIuMTY4LjAuMSBkb2Vzbid0
IGhhdmUgdGhlIGF1dGhvcml6YXRpb24uIElmIHdlIGFkZCB0aGUgYXV0aG9yaXphdGlvbiBvZiBo
YWRvb3BfdXNlcjIgZnJvbSBteWhvc3QuY29tLmNuKGhvc3RuYW1lKSwgd2UgY2FuIHNldCAiaGFk
b29wX3VzZXIyOm15aG9zdC5jb20uY24iOyBpZiB3ZSBhdXRob3JpemUgaGFkb29wX3VzZXIzIGZy
b20gYW55IGhvc3Qsd2UganVzdCBzZXQgImhhZG9vcF91c2VyMyIgbGlrZSBiZWZvcmU7IGlmIHdl
IHdhbnQgdG9hdXRob3JpemUgYW55IHVzZXIgZnJvbSB0aGUgaG9zdCAxOTIuMTY4LjEwLjEwLCB3
ZSBjYW4gc2V0ICIqOjE5Mi4xNjguMTAuMTAiLg0KZXhhbXBsZaO6DQo8cHJvcGVydHk+DQo8bmFt
ZT5zZWN1cml0eS5jbGllbnQucHJvdG9jb2wuYWNsPC9uYW1lPg0KPHZhbHVlPmhhZG9vcF91c2Vy
MToxOTIuMTY4LjAuMSxoYWRvb3BfdXNlcjI6bXlob3N0LmNvbS5jbixoYWRvb3BfdXNlcjMsKjox
OTIuMTY4LjEwLjEwPC92YWx1ZT4NCjwvcHJvcGVydHk+DQpJdCBpcyBhbHNvIGFwcGxpZWQgdG8g
dGhlIGJsb2NrZWQgYWNjZXNzIGNvbnRyb2wgbGlzdCBhZnRlciBoYWRvb3AyLjYuMKO6DQpleGFt
cGxlo7oNCjxwcm9wZXJ0eT4NCjxuYW1lPnNlY3VyaXR5LmNsaWVudC5wcm90b2NvbC5hY2wuYmxv
Y2tlZDwvbmFtZT4NCjx2YWx1ZT5oYWRvb3BfdXNlcjE6MTkyLjE2OC4wLjEsaGFkb29wX3VzZXIy
Om15aG9zdC5jb20uY24saGFkb29wX3VzZXIzLCo6MTkyLjE2OC4xMC4xMDwvdmFsdWU+DQo8L3By
b3BlcnR5Pg0KVGhlIGZvcm1hdCBvZiBhY2Nlc3MgY29udHJvbCBsaXN0IGlzIGNvbXBsZXRlbHkg
Q29tcGF0aWJsZS4NClRoZSBsaXN0IG9mIHVzZXJzIGFuZCBncm91cHMgYXJlIGJvdGggY29tbWEg
c2VwYXJhdGVkIGxpc3Qgb2YgbmFtZXMuIFRoZSB0d28gbGlzdHMgYXJlIHNlcGFyYXRlZCBieSBh
IHNwYWNlLg0KQWRkIGEgYmxhbmsgYXQgdGhlIGJlZ2lubmluZyBvZiB0aGUgbGluZSBpZiBvbmx5
IGEgbGlzdCBvZiBncm91cHMgaXMgdG8gYmUgcHJvdmlkZWQsIGVxdWl2YWxlbnRseSBhIGNvbW1h
LXNlcGFyYXRlZCBsaXN0IG9mIHVzZXJzIGZvbGxvd2VkIGJ5IGEgc3BhY2Ugb3Igbm90aGluZyBp
bXBsaWVzIG9ubHkgYSBzZXQgb2YgZ2l2ZW4gdXNlcnMuQSBzcGVjaWFsIHZhbHVlIG9mICogaW1w
bGllcyB0aGF0IGFsbCB1c2VycyBmcm9tIGFueSBob3N0IGFyZSBhbGxvd2VkIHRvIGFjY2VzcyB0
aGUgc2VydmljZS4NCkV4YW1wbGU6DQp1c2VyMSx1c2VyMiBncm91cDEsZ3JvdXAyIKOodXNlcjEs
dXNlcjIsZ3JvdXAxLGdyb3VwMiBmcm9tIGFueSBob3N0IGhhdmUgdGhlIGF1dGhvcml6YXRpb26j
qQ0KdXNlcjE6MTkyLjE2OC4wLjEsdXNlcjI6bXlob3N0MS5jb20uY24gZ3JvdXAxOjE5Mi4xNjgu
MC4yLGdyb3VwMjpteWhvc3QyLmNvbS5jbiCjqHVzZXIxIGZyb20gMTkyLjE2OC4wLjEsIHVzZXIy
IGZyb20gbXlob3N0MS5jb20uY24sIGdyb3VwMSBmcm9tIDE5Mi4xNjguMC4yLGdyb3VwMiBmcm9t
IG15aG9zdDIuY29tLmNuIGhhdmUgdGhlIGF1dGhvcml6YXRpb26jqQ0KKjoxOTIuMTY4LjAuMSwq
Om15aG9zdDEuY29tLmNuIChhbnkgdXNlciBmcm9tIDE5Mi4xNjguMC4xLCBhbnkgdXNlciBmcm9t
IG15aG9zdDEuY29tLmNuIGhhdmUgdGhlIGF1dGhvcml6YXRpb26jqQ0KKiAoYW55IHVzZXIgZnJv
bSBhbnkgaG9zdCBoYXZlIHRoZSBhdXRob3JpemF0aW9uKQ0KZXhhbXBsZTE6DQo8cHJvcGVydHk+
DQo8bmFtZT5zZWN1cml0eS5jbGllbnQucHJvdG9jb2wuYWNsPC9uYW1lPg0KPHZhbHVlPio8L3Zh
bHVlPg0KPC9wcm9wZXJ0eT4NCmV4YW1wbGUyOg0KPHByb3BlcnR5Pg0KPG5hbWU+c2VjdXJpdHku
Y2xpZW50LnByb3RvY29sLmFjbDwvbmFtZT4NCjx2YWx1ZT51c2VyMSx1c2VyMiBncm91cDEsZ3Jv
dXAyPC92YWx1ZT4NCjwvcHJvcGVydHk+DQpleGFtcGxlMzoNCjxwcm9wZXJ0eT4NCjxuYW1lPnNl
Y3VyaXR5LmNsaWVudC5wcm90b2NvbC5hY2w8L25hbWU+DQo8dmFsdWU+KjoxOTIuMTY4LjAuMSwq
Om15aG9zdDEuY29tLmNuPC92YWx1ZT4NCjwvcHJvcGVydHk+DQpleGFtcGxlMzoNCjxwcm9wZXJ0
eT4NCjxuYW1lPnNlY3VyaXR5LmNsaWVudC5wcm90b2NvbC5hY2w8L25hbWU+DQo8dmFsdWU+dXNl
cjE6MTkyLjE2OC4wLjEsdXNlcjI6bXlob3N0MS5jb20uY24gZ3JvdXAxOjE5Mi4xNjguMC4yLGdy
b3VwMjpteWhvc3QyLmNvbS5jbjwvdmFsdWU+DQo8L3Byb3BlcnR5Pg0KDQoNClRoYW5rcyBhbmQg
aGFwcHkgd2Vla2VuZCENCg0K

--_000_7404AE097F6C3543904DA0C380B20D6626597FEXCHANGE23qunarse_
Content-Type: text/html; charset="gb2312"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dgb2312">
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:=CB=CE=CC=E5;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:=CB=CE=CC=E5;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"\@=CB=CE=CC=E5";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	text-align:justify;
	text-justify:inter-ideograph;
	font-size:10.5pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
	{mso-style-priority:99;
	mso-style-link:"=B4=BF=CE=C4=B1=BE Char";
	margin:0cm;
	margin-bottom:.0001pt;
	font-size:10.5pt;
	font-family:"Calibri","sans-serif";}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
span.Char
	{mso-style-name:"=B4=BF=CE=C4=B1=BE Char";
	mso-style-priority:99;
	mso-style-link:=B4=BF=CE=C4=B1=BE;
	font-family:"Calibri","sans-serif";}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";}
/* Page Definitions */
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"ZH-CN" link=3D"blue" vlink=3D"purple" style=3D"text-justify-t=
rim:punctuation">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt">hi a=
ll,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"text-align:left;line-height:=
15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">Service level authorization in hadoop2.2.x,hadoop2.5=
.x,hadoop2.6.x can only check the user from client. Service level authoriza=
tion in hadoop2.7.x add the function of checking the host(ip)
 from client, but only can check host and user independently and cannot che=
ck the combination of host and user.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt">I su=
bmitted a improvement issue and the patch which add the function of checkin=
g authorization of the combination of host and user for hadoop2.2.x, hadoop=
2.5.x, hadoop2.6.x :
<a href=3D"https://issues.apache.org/jira/browse/HADOOP-12628">https://issu=
es.apache.org/jira/browse/HADOOP-12628</a> .<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">After put the patch,we can set the authorization of =
host-user pair in the hadoop-policy.xml.Take security.client.protocol.acl f=
or example:<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">If we only let the hadoop_user1 from 192.168.0.1(ip)=
 has the authorization, we can set &quot;hadoop_user1:192.168.0.1&quot;. So=
 hadoop_user1 from other host but 192.168.0.1 doesn't have the authorizatio=
n.
 If we add the authorization of hadoop_user2 from myhost.com.cn(hostname), =
we can set &quot;hadoop_user2:myhost.com.cn&quot;; if we authorize hadoop_u=
ser3 from any host,we just set &quot;hadoop_user3&quot; like before; if we =
want toauthorize any user from the host 192.168.10.10,
 we can set &quot;*:192.168.10.10&quot;.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">example</span><span style=3D"font-family:=CB=CE=CC=
=E5;color:#333333">=A3=BA</span><span lang=3D"EN-US" style=3D"font-family:&=
quot;Arial&quot;,&quot;sans-serif&quot;;color:#333333"><br>
&lt;property&gt;<br>
&lt;name&gt;security.client.protocol.acl&lt;/name&gt;<br>
&lt;value&gt;hadoop_user1:192.168.0.1,hadoop_user2:myhost.com.cn,hadoop_use=
r3,*:192.168.10.10&lt;/value&gt;<br>
&lt;/property&gt;<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">It is also applied to the blocked access control lis=
t after hadoop2.6.0</span><span style=3D"font-family:=CB=CE=CC=E5;color:#33=
3333">=A3=BA</span><span lang=3D"EN-US" style=3D"font-family:&quot;Arial&qu=
ot;,&quot;sans-serif&quot;;color:#333333"><br>
example</span><span style=3D"font-family:=CB=CE=CC=E5;color:#333333">=A3=BA=
</span><span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sa=
ns-serif&quot;;color:#333333"><br>
&lt;property&gt;<br>
&lt;name&gt;security.client.protocol.acl.blocked&lt;/name&gt;<br>
&lt;value&gt;hadoop_user1:192.168.0.1,hadoop_user2:myhost.com.cn,hadoop_use=
r3,*:192.168.10.10&lt;/value&gt;<br>
&lt;/property&gt;<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">The format of access control list is completely Comp=
atible.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">The list of users and groups are both comma separate=
d list of names. The two lists are separated by a space.<br>
Add a blank at the beginning of the line if only a list of groups is to be =
provided, equivalently a comma-separated list of users followed by a space =
or nothing implies only a set of given users.A special value of * implies t=
hat all users from any host are
 allowed to access the service.<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">Example:&nbsp;<br>
user1,user2 group1,group2 </span><span style=3D"font-family:=CB=CE=CC=E5;co=
lor:#333333">=A3=A8</span><span lang=3D"EN-US" style=3D"font-family:&quot;A=
rial&quot;,&quot;sans-serif&quot;;color:#333333">user1,user2,group1,group2 =
from any host have the authorization</span><span style=3D"font-family:=CB=
=CE=CC=E5;color:#333333">=A3=A9</span><span lang=3D"EN-US" style=3D"font-fa=
mily:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#333333"><o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">user1:192.168.0.1,user2:myhost1.com.cn group1:192.16=
8.0.2,group2:myhost2.com.cn
</span><span style=3D"font-family:=CB=CE=CC=E5;color:#333333">=A3=A8</span>=
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">user1 from 192.168.0.1, user2 from myhost1.com.cn, g=
roup1 from 192.168.0.2,group2 from myhost2.com.cn have the authorization</s=
pan><span style=3D"font-family:=CB=CE=CC=E5;color:#333333">=A3=A9</span><sp=
an lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-serif&q=
uot;;color:#333333"><o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">*:192.168.0.1,*:myhost1.com.cn (any user from 192.16=
8.0.1, any user from myhost1.com.cn have the authorization</span><span styl=
e=3D"font-family:=CB=CE=CC=E5;color:#333333">=A3=A9</span><span lang=3D"EN-=
US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-serif&quot;;color:#33=
3333"><o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">* (any user from any host have the authorization)<o:=
p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">example1:<br>
&lt;property&gt;<br>
&lt;name&gt;security.client.protocol.acl&lt;/name&gt;<br>
&lt;value&gt;*&lt;/value&gt;<br>
&lt;/property&gt;<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">example2:<br>
&lt;property&gt;<br>
&lt;name&gt;security.client.protocol.acl&lt;/name&gt;<br>
&lt;value&gt;user1,user2 group1,group2&lt;/value&gt;<br>
&lt;/property&gt;<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">example3:<br>
&lt;property&gt;<br>
&lt;name&gt;security.client.protocol.acl&lt;/name&gt;<br>
&lt;value&gt;*:192.168.0.1,*:myhost1.com.cn&lt;/value&gt;<br>
&lt;/property&gt;<o:p></o:p></span></p>
<p class=3D"MsoNormal" align=3D"left" style=3D"margin-top:7.5pt;text-align:=
left;line-height:15.0pt;background:white;vertical-align:top">
<span lang=3D"EN-US" style=3D"font-family:&quot;Arial&quot;,&quot;sans-seri=
f&quot;;color:#333333">example3:<br>
&lt;property&gt;<br>
&lt;name&gt;security.client.protocol.acl&lt;/name&gt;<br>
&lt;value&gt;user1:192.168.0.1,user2:myhost1.com.cn group1:192.168.0.2,grou=
p2:myhost2.com.cn&lt;/value&gt;<br>
&lt;/property&gt;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt"><o:p=
>&nbsp;</o:p></span></p>
<p class=3D"MsoPlainText"><span lang=3D"EN-US">Thanks and happy weekend!<o:=
p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
</div>
</body>
</html>

--_000_7404AE097F6C3543904DA0C380B20D6626597FEXCHANGE23qunarse_--