[ https://issues.apache.org/jira/browse/HDFS-5758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13874185#comment-13874185 ]

Chris Nauroth commented on HDFS-5758:
-------------------------------------

bq. I'm referring to distinguishing the ACLs that are generated and the ones 
that are specified by setfacl / chmod.

There are exactly 3 ACL entries that are inferred from permission bits: the 
owner, group and other entries.  These are never really "generated", because 
they always originated from someone's setfacl or chmod call.  If you feel 
strongly about this, let me know, and I'll change the patch to filter those 3 
entries from the output of {{getAclStatus}} and then add them back in the 
getfacl CLI.  I don't think the distinction provides an end user with any 
valuable information though.

bq. I see it as an optimization. Can you keep it in a separate patch?

No, reducing to a minimal ACL is a matter of correctness rather than 
optimization, so I don't think it can be separated to a different patch.  Those 
4 scenarios all eliminate the extended ACL, and correctness requires that we 
turn off the ACL bit.  (See example below.)  I suppose dropping the 
{{AclFeature}} could be thought of as an optimization, but it's going to be a 
tiny patch if I separate just that part.

bq. Based on your description, it seems to me that in removeAcl, the task can 
be done via looking up the group entries and setting the permission back.

Yes, we can do that.  I'll put together a new patch for that.

{code}
[cnauroth@ubuntu:pts/0] acltest
> touch file1

[cnauroth@ubuntu:pts/0] acltest
> setfacl -m user:bruce:rwx file1

[cnauroth@ubuntu:pts/0] acltest
> ls -lrt file1
-rw-rwxr--+ 1 cnauroth 0 Jan 16 15:58 file1*

[cnauroth@ubuntu:pts/0] acltest
> getfacl file1
# file: file1
# owner: cnauroth
# group: cnauroth
user::rw-
user:bruce:rwx
group::rw-
mask::rwx
other::r--

[cnauroth@ubuntu:pts/0] acltest
> setfacl -x user:bruce,mask file1

[cnauroth@ubuntu:pts/0] acltest
> ls -lrt file1
-rw-rw-r-- 1 cnauroth 0 Jan 16 15:58 file1

[cnauroth@ubuntu:pts/0] acltest
> getfacl file1
# file: file1
# owner: cnauroth
# group: cnauroth
user::rw-
group::rw-
other::r--
{code}


> NameNode: complete implementation of inode modifications for ACLs.
> ------------------------------------------------------------------
>
>                 Key: HDFS-5758
>                 URL: https://issues.apache.org/jira/browse/HDFS-5758
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HDFS-5758.1.patch, HDFS-5758.2.patch
>
>
> This patch will complete the remaining logic for the ACL get and set APIs, 
> including remaining work in {{FSNamesystem}}, {{FSDirectory}} and storage in 
> the inodes.
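
The minimal-ACL behavior shown in the transcript above, as an added Python model (not code from the patch or from Hadoop). The entry tuples and the function names {{is_minimal}}, {{lookup}}, {{permission_bits}} and {{remove_entries}} are hypothetical; the sample ACL is file1 from the transcript.

```python
from typing import List, Optional, Set, Tuple

# (type, name, perms); name is None for the unnamed owner/group/other/mask entries.
# Hypothetical model types, not Hadoop's AclEntry or AclFeature.
Entry = Tuple[str, Optional[str], str]
BASE_TYPES = ("user", "group", "other")

def is_minimal(acl: List[Entry]) -> bool:
    """A minimal ACL holds only the three entries implied by the permission bits."""
    return all(name is None and typ in BASE_TYPES for typ, name, _ in acl)

def lookup(acl: List[Entry], typ: str) -> str:
    """Return the perms of the unnamed entry of the given type."""
    for t, name, perms in acl:
        if t == typ and name is None:
            return perms
    raise ValueError(f"ACL has no unnamed {typ} entry")

def permission_bits(acl: List[Entry]) -> Tuple[str, bool]:
    """Return (nine permission characters, ACL-bit flag) for an inode."""
    if is_minimal(acl):
        # No extended ACL: group bits come from group::, and the ACL bit is off.
        return lookup(acl, "user") + lookup(acl, "group") + lookup(acl, "other"), False
    # Extended ACL: the group bits carry the mask, and the ACL bit ('+') is on.
    return lookup(acl, "user") + lookup(acl, "mask") + lookup(acl, "other"), True

def remove_entries(acl: List[Entry],
                   specs: Set[Tuple[str, Optional[str]]]) -> List[Entry]:
    """Drop the entries named by (type, name) specs, like `setfacl -x`."""
    return [e for e in acl if (e[0], e[1]) not in specs]

# file1 from the transcript, after `setfacl -m user:bruce:rwx file1`.
FILE1: List[Entry] = [
    ("user", None, "rw-"), ("user", "bruce", "rwx"), ("group", None, "rw-"),
    ("mask", None, "rwx"), ("other", None, "r--"),
]

if __name__ == "__main__":
    print(permission_bits(FILE1))
    # Same removal as `setfacl -x user:bruce,mask file1`.
    reduced = remove_entries(FILE1, {("user", "bruce"), ("mask", None)})
    print(permission_bits(reduced))
```

If the ACL bit stayed on after the removal, the group bits would still be read as a mask that no longer exists, which is why the reduction is a correctness matter.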


