[ https://issues.apache.org/jira/browse/HDFS-5758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13874185#comment-13874185 ]
Chris Nauroth commented on HDFS-5758: ------------------------------------- bq. I'm referring to distinguishing the ACLs that are generated and the ones are specified by setfacl / chmod. There are exactly 3 ACL entries that are inferred from permission bits: the owner, group and other entries. These are never really "generated", because they always originated from someone's setfacl or chmod call. If you feel strongly about this, let me know, and I'll change the patch to filter those 3 entries from the output of {{getAclStatus}} and then add them back in the getfacl CLI. I don't think the distinction provides an end user with any valuable information though. bq. I see it as an optimization. Can you keep it in a separate patch? No, reducing to a minimal ACL is a matter of correctness rather than optimization, so I don't think it can be separated to a different patch. Those 4 scenarios all eliminate the extended ACL, and correctness requires that we turn off the ACL bit. (See example below.) I suppose dropping the {{AclFeature}} could be thought of as an optimization, but it's going to be a tiny patch if I separate just that part. bq. Based on your description, it seems to me that in removeAcl, the task can be done via looking up the group entries and set the permission back. Yes, we can do that. I'll put together a new patch for that. {code} [cnauroth@ubuntu:pts/0] acltest > touch file1 [cnauroth@ubuntu:pts/0] acltest > setfacl -m user:bruce:rwx file1 [cnauroth@ubuntu:pts/0] acltest > ls -lrt file1 -rw-rwxr--+ 1 cnauroth 0 Jan 16 15:58 file1* [cnauroth@ubuntu:pts/0] acltest > getfacl file1 # file: file1 # owner: cnauroth # group: cnauroth user::rw- user:bruce:rwx group::rw- mask::rwx other::r-- [cnauroth@ubuntu:pts/0] acltest > setfacl -x user:bruce,mask file1 [cnauroth@ubuntu:pts/0] acltest > ls -lrt file1 -rw-rw-r-- 1 cnauroth 0 Jan 16 15:58 file1 [cnauroth@ubuntu:pts/0] acltest > getfacl file1 # file: file1 # owner: cnauroth # group: cnauroth user::rw- group::rw- other::r-- {code} > NameNode: complete implementation of inode modifications for ACLs. > ------------------------------------------------------------------ > > Key: HDFS-5758 > URL: https://issues.apache.org/jira/browse/HDFS-5758 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: namenode > Affects Versions: HDFS ACLs (HDFS-4685) > Reporter: Chris Nauroth > Assignee: Chris Nauroth > Attachments: HDFS-5758.1.patch, HDFS-5758.2.patch > > > This patch will complete the remaining logic for the ACL get and set APIs, > including remaining work in {{FSNamesystem}}, {{FSDirectory}} and storage in > the inodes. -- This message was sent by Atlassian JIRA (v6.1.5#6160)