[ https://issues.apache.org/jira/browse/HDFS-7384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14230131#comment-14230131 ]
Chris Nauroth commented on HDFS-7384: ------------------------------------- Thanks for the updated patch, Vinay. Nice, the unit tests caught a legitimate problem! :-) I believe the default ACL case can be made to work in {{AclStatus#getEffectivePermission}} by checking for default scope, and using the second-to-last ACL entry in the list as the mask. The sort order enforced on the NameNode side guarantees this. This second-to-last logic currently in {{AclCommands}} would then be unnecessary: {code} } else { // ACL sort order guarantees mask is the second-to-last entry. FsAction maskPerm = entries.get(entries.size() - 2).getPermission(); for (AclEntry entry: entries) { printExtendedAclEntry(entry, maskPerm); } } {code} For the default ACL case, we'd never consider the {{permArg}} passed to {{AclStatus#getEffectivePermission}} as a candidate for the mask. A default ACL always has the mask stored directly in the ACL entry list. What do you think? I think this is better than publishing an API that works for access ACL entries but gives incorrect results for default ACL entries. > 'getfacl' command and 'getAclStatus' output should be in sync > ------------------------------------------------------------- > > Key: HDFS-7384 > URL: https://issues.apache.org/jira/browse/HDFS-7384 > Project: Hadoop HDFS > Issue Type: Improvement > Reporter: Vinayakumar B > Assignee: Vinayakumar B > Attachments: HDFS-7384-001.patch, HDFS-7384-002.patch, > HDFS-7384-003.patch, HDFS-7384-004.patch, HDFS-7384-005.patch, > HDFS-7384-006.patch, HDFS-7384-007.patch > > > *getfacl* command will print all the entries including basic and extended > entries, mask entries and effective permissions. > But, *getAclStatus* FileSystem API will return only extended ACL entries set > by the user. But this will not include the mask entry as well as effective > permissions. > To benefit the client using API, better to include 'mask' entry and effective > permissions in the return list of entries. -- This message was sent by Atlassian JIRA (v6.3.4#6332)