[
https://issues.apache.org/jira/browse/HDFS-7389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14207029#comment-14207029
]
Hadoop QA commented on HDFS-7389:
---------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12680767/HDFS-7389-002.patch
against trunk revision 58e9bf4.
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 1 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
hadoop-hdfs-project/hadoop-hdfs.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/8714//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/8714//console
This message is automatically generated.
> Named user ACL cannot stop the user from accessing the FS entity.
> -----------------------------------------------------------------
>
> Key: HDFS-7389
> URL: https://issues.apache.org/jira/browse/HDFS-7389
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
> Affects Versions: 2.5.1
> Reporter: Chunjun Xiao
> Assignee: Vinayakumar B
> Attachments: HDFS-7389-001.patch, HDFS-7389-002.patch
>
>
> In
> http://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/:
> {quote}
> It’s important to keep in mind the order of evaluation for ACL entries when a
> user attempts to access a file system object:
> 1. If the user is the file owner, then the owner permission bits are enforced.
> 2. Else if the user has a named user ACL entry, then those permissions are
> enforced.
> 3. Else if the user is a member of the file’s group or any named group in an
> ACL entry, then the union of permissions for all matching entries are
> enforced. (The user may be a member of multiple groups.)
> 4. If none of the above were applicable, then the other permission bits are
> enforced.
> {quote}
> Assume we have a user UserA from group GroupA, if we config a directory as
> following ACL entries:
> group:GroupA:rwx
> user:UserA:---
> According to the design spec above, userA should have no access permission to
> the file object, while actually userA still has rwx access to the dir.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
