[
https://issues.apache.org/jira/browse/HDFS-4685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14317297#comment-14317297
]
Chris Nauroth commented on HDFS-4685:
-------------------------------------
bq. My question is, if we already have the permission bits that describes the
owning group's permission, why we need this owning group entry in the ACL?
Hi [~yzhangal]. The owning group permissions and the owning group entry in an
ACL are actually logically equivalent concepts. In fact, if you run {{hdfs
-getfacl}} on a file that doesn't have an ACL at all (only permission bits),
then you'll see it still report back 3 ACL entries for owner, group and other.
The literature sometimes refers to this degenerate case as a "minimal ACL".
The statement in UC3 indicates that you need both ACL entries to implement this
use case. There are 2 distinct groups of users, and there is a need to enforce
different permissions for each group.
Thanks for the question, and I hope this helps.
> Implementation of ACLs in HDFS
> ------------------------------
>
> Key: HDFS-4685
> URL: https://issues.apache.org/jira/browse/HDFS-4685
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: hdfs-client, namenode, security
> Affects Versions: 1.1.2
> Reporter: Sachin Jose
> Assignee: Chris Nauroth
> Fix For: 2.4.0
>
> Attachments: HDFS-4685-branch-2.1.patch, HDFS-4685.1.patch,
> HDFS-4685.2.patch, HDFS-4685.3.patch, HDFS-4685.4.patch,
> HDFS-ACLs-Design-1.pdf, HDFS-ACLs-Design-2.pdf, HDFS-ACLs-Design-3.pdf,
> Test-Plan-for-Extended-Acls-1.pdf, Test-Plan-for-Extended-Acls-2.pdf
>
>
> Currenly hdfs doesn't support Extended file ACL. In unix extended ACL can be
> achieved using getfacl and setfacl utilities. Is there anybody working on
> this feature ?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
