[jira] [Commented] (HADOOP-10213) setfacl -x should reject attempts to include permissions in the ACL spec.

Mon, 13 Jan 2014 20:46:15 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-10213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13870382#comment-13870382
 ] 

Vinay commented on HADOOP-10213:
--------------------------------

bq. Hi, Vinay. This looks good, but I think we'll need to revert the AclEntry 
portion of the change. There are various unit tests that rely on assertEquals 
or assertArrayEquals to check that the correct ACL was applied to a file. With 
this change, those assertEquals calls would pass even if the permissions inside 
the ACL entries were incorrect. Even putting aside tests, this is a public 
user-facing class, and callers likely would find it surprising if 
"user:bruce:rwx" and "user:bruce:---" were considered equal.
With this reason only I have earlier included permissions also from command 
line for -x.
But in this case, say permissions are not passed from the commandline, but the 
ACLEntries contain ACL for same user/group with some permissions. In this case, 
permissions will differ and objects also will differ.
In general, there will be only one ACL entry per user/group in each type no 
matter what are the permissions. I agree that we cannot consider 
"user:bruce:rwx" and "user:bruce:---" as equal, but also both these entries 
cannot be present in list of ACL entries right?

So my preference is that we need to check for permissions separately whenever 
necessary, instead of including in equals() and hashCode(). 
What you say?

> setfacl -x should reject attempts to include permissions in the ACL spec.
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-10213
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10213
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: tools
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Chris Nauroth
>            Assignee: Vinay
>         Attachments: HADOOP-10213.patch
>
>
> When calling setfacl -x to remove ACL entries, it does not make sense for the 
> entries in the ACL spec to contain permissions.  The permissions should be 
> unspecified, and the CLI should return an error if the user attempts to 
> provide permissions.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to