[jira] [Commented] (HDFS-7384) 'getfacl' command and 'getAclStatus' output should be in sync

Mon, 01 Dec 2014 09:59:15 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-7384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14230131#comment-14230131
 ] 

Chris Nauroth commented on HDFS-7384:
-------------------------------------

Thanks for the updated patch, Vinay.  Nice, the unit tests caught a legitimate 
problem!  :-)

I believe the default ACL case can be made to work in 
{{AclStatus#getEffectivePermission}} by checking for default scope, and using 
the second-to-last ACL entry in the list as the mask.  The sort order enforced 
on the NameNode side guarantees this.  This second-to-last logic currently in 
{{AclCommands}} would then be unnecessary:
{code}
      } else {
        // ACL sort order guarantees mask is the second-to-last entry.
        FsAction maskPerm = entries.get(entries.size() - 2).getPermission();
        for (AclEntry entry: entries) {
          printExtendedAclEntry(entry, maskPerm);
        }
      }
{code}
For the default ACL case, we'd never consider the {{permArg}} passed to 
{{AclStatus#getEffectivePermission}} as a candidate for the mask.  A default 
ACL always has the mask stored directly in the ACL entry list.

What do you think?  I think this is better than publishing an API that works 
for access ACL entries but gives incorrect results for default ACL entries.

> 'getfacl' command and 'getAclStatus' output should be in sync
> -------------------------------------------------------------
>
>                 Key: HDFS-7384
>                 URL: https://issues.apache.org/jira/browse/HDFS-7384
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: Vinayakumar B
>            Assignee: Vinayakumar B
>         Attachments: HDFS-7384-001.patch, HDFS-7384-002.patch, 
> HDFS-7384-003.patch, HDFS-7384-004.patch, HDFS-7384-005.patch, 
> HDFS-7384-006.patch, HDFS-7384-007.patch
>
>
> *getfacl* command will print all the entries including basic and extended 
> entries, mask entries and effective permissions.
> But, *getAclStatus* FileSystem API will return only extended ACL entries set 
> by the user. But this will not include the mask entry as well as effective 
> permissions.
> To benefit the client using API, better to include 'mask' entry and effective 
> permissions in the return list of entries.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to