[ https://issues.apache.org/jira/browse/HDFS-6570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14068894#comment-14068894 ]

Colin Patrick McCabe commented on HDFS-6570:
--------------------------------------------

bq. acl.proto: I'm not sure it's backwards-compatible to take the existing 
FsActionProto nested inside AclEntryProto and move it to top level. If protobuf 
encodes the message name now as "AclEntryProto.FsActionProto", then it might 
break interop. It would be interesting to test "hdfs dfs -getfacl" on files 
with ACLs using a mix of old client + new server or new client + old server. If 
there is a problem, then we might need to find a way to refer to the nested 
definition, or if all else fails maintain duplicate definitions (nested and 
top-level) just for compatibility.

Protobuf doesn't encode field names.  It just assumes that the data you're 
giving it fits the schema you're giving it.  As far as I know, moving the enum 
from nested to top-level will not change its representation.  Enums are just 
represented as varints in protobuf... i.e. the same way uint32s are represented.  
Unless you're changing the value of the enum constants, it shouldn't change 
anything.  So I believe this part is OK.

> add api that enables checking if a user has certain permissions on a file
> -------------------------------------------------------------------------
>
>                 Key: HDFS-6570
>                 URL: https://issues.apache.org/jira/browse/HDFS-6570
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Thejas M Nair
>            Assignee: Jitendra Nath Pandey
>         Attachments: HDFS-6570-prototype.1.patch, HDFS-6570.2.patch
>
>
> For some of the authorization modes in Hive, the servers in Hive check if a 
> given user has permissions on a certain file or directory. For example, the 
> storage based authorization mode allows hive table metadata to be modified 
> only when the user has access to the corresponding table directory on hdfs. 
> There are likely to be such use cases outside of Hive as well.
> HDFS does not provide an api for such checks. As a result, the logic to check 
> if a user has permissions on a directory gets replicated in Hive. This 
> results in duplicate logic and introduces possibilities for 
> inconsistencies in the interpretation of the permission model. This becomes a 
> bigger problem with the complexity of ACL logic.
> HDFS should provide an api that provides functionality that is similar to 
> access function in unistd.h - http://linux.die.net/man/2/access .



--
This message was sent by Atlassian JIRA
(v6.2#6252)
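
The wire-format point made in the comment above, as an added example (not part of the original message and not Hadoop's code): a hand-written encoder for varint fields emits the same bytes whether the enum is declared nested or top-level, and only renumbering the constants changes what a reader decodes. Field number 3 and the enum numbers are constructed for the illustration.

```python
# Added illustration: a hand-rolled slice of the protobuf wire format (varint fields only).
# Field number 3 and the enum numbers below are constructed for this example.

def encode_varint(n):
    out = bytearray()
    while True:
        low, n = n & 0x7F, n >> 7
        out.append(low | 0x80 if n else low)  # high bit set = more bytes follow
        if not n:
            return bytes(out)

def decode_varint(buf, pos):
    result = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return result, pos

# A schema view maps field number -> (field name, enum type name, {number: constant}).
NESTED = {3: ("permissions", "AclEntryProto.FsActionProto", {4: "READ", 6: "READ_EXECUTE"})}
TOP_LEVEL = {3: ("permissions", "FsActionProto", {4: "READ", 6: "READ_EXECUTE"})}
# Counter-case: same names, but the constants were given different numbers.
RENUMBERED = {3: ("permissions", "FsActionProto", {6: "READ", 4: "READ_EXECUTE"})}

def encode_entry(schema, field, constant):
    for number, (name, _enum_type, values) in schema.items():
        if name == field:
            value = {c: v for v, c in values.items()}[constant]
            # key = (field_number << 3) | wire_type, wire type 0 = varint
            return encode_varint(number << 3) + encode_varint(value)
    raise KeyError(field)

def decode_entry(schema, buf):
    pos, entry = 0, {}
    while pos < len(buf):
        key, pos = decode_varint(buf, pos)
        if key & 0x7:
            raise ValueError("this sketch only handles varint fields")
        value, pos = decode_varint(buf, pos)
        name, _enum_type, values = schema[key >> 3]
        entry[name] = values[value]
    return entry

if __name__ == "__main__":
    wire = encode_entry(NESTED, "permissions", "READ_EXECUTE")
    print(wire.hex(), decode_entry(TOP_LEVEL, wire), decode_entry(RENUMBERED, wire))
```

The RENUMBERED view decodes the same two bytes to a different permission, which is the silent failure mode to test for in a mixed old/new client and server check.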