[
https://issues.apache.org/jira/browse/HDFS-7582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated HDFS-7582:
--------------------------------
Target Version/s: 3.0.0 (was: 2.8.0)
Labels: (was: BB2015-05-TBR)
Hi [~vinayrpet]. Sorry for the long delay replying to this.
If we were to make any change that would restrict the number of ACL entries to
a smaller number than what we allow now, then it would be a
backwards-incompatible change. It's possible that existing deployments are
already dependent on being able to create an ACL that uses the current limit.
Therefore, I would have to -1 any such change made on the 2.x line.
Do you still want to consider changing this for 3.x? We'd have the flexibility
to make a backwards-incompatible change there. If we did that, then I'd still
want to make sure that we can load an existing fsimage/edits that took
advantage of today's limits. I'd want us to have a JUnit test to verify that,
so that people upgrading from 2.x to 3.x won't fail to load the metadata or
silently lose some of their ACL entries.
bq. In My test of POSIX ACLs, the limit of 25 were separately applied on ACCESS
and DEFAULT entries, so totally there could be 50 entries.
I'd have to retest, but I think this is different from the behavior I observed.
It would be great if we could find a definitive source that defines the limit,
but I haven't found it yet.
> Limit the number of default ACL entries to Half of maximum entries (16)
> -----------------------------------------------------------------------
>
> Key: HDFS-7582
> URL: https://issues.apache.org/jira/browse/HDFS-7582
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: namenode
> Reporter: Vinayakumar B
> Assignee: Vinayakumar B
> Attachments: HDFS-7582-001.patch
>
>
> Current ACL limits are only on the total number of entries.
> But there can be a situation where number of default entries for a directory
> will be more than half of the maximum entries, i.e. > 16.
> In such case, under this parent directory only files can be created which
> will have ACLs inherited using parent's default entries.
> But when directories are created, total number of entries will be more than
> the maximum allowed, because sub-directories copies both inherited ACLs as
> well as default entries.
> Since currently there is no check while copying ACLs from default ACLs
> directory creation succeeds, but any modification (only permission on one
> entry also) on the same ACL will fail.
> So it would be better to restrict the default entries to 16.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
