[ https://issues.apache.org/jira/browse/HDFS-7389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14206283#comment-14206283 ]
Hadoop QA commented on HDFS-7389: --------------------------------- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12680760/HDFS-7389-001.patch against trunk revision 58e9bf4. {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:green}+1 tests included{color}. The patch appears to include 1 new or modified test files. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:green}+1 javadoc{color}. There were no new javadoc warning messages. {color:green}+1 eclipse:eclipse{color}. The patch built with eclipse:eclipse. {color:green}+1 findbugs{color}. The patch does not introduce any new Findbugs (version 2.0.3) warnings. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:red}-1 core tests{color}. The patch failed these unit tests in hadoop-hdfs-project/hadoop-hdfs: org.apache.hadoop.hdfs.server.namenode.TestNamenodeRetryCache org.apache.hadoop.hdfs.server.namenode.TestSecondaryNameNodeUpgrade {color:green}+1 contrib tests{color}. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/8712//testReport/ Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/8712//console This message is automatically generated. > Named user ACL cannot stop the user from accessing the FS entity. > ----------------------------------------------------------------- > > Key: HDFS-7389 > URL: https://issues.apache.org/jira/browse/HDFS-7389 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode > Affects Versions: 2.5.1 > Reporter: Chunjun Xiao > Assignee: Vinayakumar B > Attachments: HDFS-7389-001.patch, HDFS-7389-002.patch > > > In > http://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/: > {quote} > It’s important to keep in mind the order of evaluation for ACL entries when a > user attempts to access a file system object: > 1. If the user is the file owner, then the owner permission bits are enforced. > 2. Else if the user has a named user ACL entry, then those permissions are > enforced. > 3. Else if the user is a member of the file’s group or any named group in an > ACL entry, then the union of permissions for all matching entries are > enforced. (The user may be a member of multiple groups.) > 4. If none of the above were applicable, then the other permission bits are > enforced. > {quote} > Assume we have a user UserA from group GroupA, if we config a directory as > following ACL entries: > group:GroupA:rwx > user:UserA:--- > According to the design spec above, userA should have no access permission to > the file object, while actually userA still has rwx access to the dir. -- This message was sent by Atlassian JIRA (v6.3.4#6332)