[ 
https://issues.apache.org/jira/browse/HDFS-8419?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Chris Nauroth resolved HDFS-8419.
---------------------------------
    Resolution: Not A Problem

Hello, [~sinago].  This behavior is by design.  The documentation mentions that 
running {{chmod}} on a file with an ACL actually changes the permissions on the 
mask entry, which in turn alters the effective permissions for all extended ACL 
entries.

http://hadoop.apache.org/docs/r2.7.0/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#ACLs_Access_Control_Lists

This behavior matches with the POSIX ACL model.  The spec that we used as a 
reference during development goes into greater detail describing the motivation 
for the mask entry and its interaction with applications that are not 
ACL-aware, such as {{chmod}}.

http://users.suse.com/~agruen/acl/linux-acls/online/

If you want, you can control the mask entry directly by using {{setfacl -m}} 
and including a mask entry with the explicit permissions that you want.

> chmod impact user's effective ACL
> ---------------------------------
>
>                 Key: HDFS-8419
>                 URL: https://issues.apache.org/jira/browse/HDFS-8419
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: HDFS
>    Affects Versions: 2.6.0
>            Reporter: zhouyingchao
>            Assignee: zhouyingchao
>
> I set a directory's ACL to assign rwx permission to user h_user1. Later, I 
> used chmod to change the group permission to r-x. I understand chmod of an 
> acl enabled file would only change the permission mask. The abnormal thing is 
> that the operation will change the h_user1's effective ACL from rwx to r-x.
> Following are ACLs before any operation:
> -----------------------------------------
> # file: /grptest
> # owner: hdfs_tst_admin
> # group: supergroup
> user::rwx
> user:h_user1:rwx
> group::r-x
> mask::rwx
> other::---
> -----------------------------------------
> Following are ACLs after "chmod 750 /grptest"
> -----------------------------------------
> # file: /grptest
> # owner: hdfs_tst_admin
> # group: supergroup
> user::rwx
> user:h_user1:rwx      #effective:r-x
> group::r-x
> mask::r-x
> other::---
> -----------------------------------------
> I'm wondering if this behavior is by design.  If not, I'd like to fix the 
> issue. Thank you.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
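
Added example (not part of the original message and not Hadoop code): a small Python model of the mask semantics discussed above, run against the reporter's ACL listing. The function names are hypothetical, and only access ACL entries (no default: entries) are handled.

```python
# Added example: models the POSIX ACL mask rule described in this thread.
# ACL_BEFORE is the reporter's listing; all function names are hypothetical.
ACL_BEFORE = """\
user::rwx
user:h_user1:rwx
group::r-x
mask::rwx
other::---
"""

def parse_acl(text):
    """Return a list of (type, name, perms) from getfacl-style lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop '# file:' and '#effective:' comments
        if line:
            entries.append(tuple(line.split(":")))
    return entries

def octal_to_perms(digit):
    return "".join(c if digit & (4 >> i) else "-" for i, c in enumerate("rwx"))

def chmod(entries, mode):
    """Apply chmod: when a mask entry exists, the group bits land on the mask."""
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    has_mask = any(t == "mask" for t, _, _ in entries)
    out = []
    for t, n, p in entries:
        if t == "user" and n == "":
            p = octal_to_perms(owner)
        elif t == "other":
            p = octal_to_perms(other)
        elif t == "mask" or (t == "group" and n == "" and not has_mask):
            p = octal_to_perms(group)
        out.append((t, n, p))
    return out

def effective(entries):
    """Named users, named groups and the owning group are filtered by the mask."""
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    result = {}
    for t, n, p in entries:
        if t == "mask":
            continue
        if (t == "user" and n == "") or t == "other":
            result[f"{t}:{n}"] = p  # owner and other are never masked
        else:
            result[f"{t}:{n}"] = "".join(a if a == b else "-" for a, b in zip(p, mask))
    return result
```

Calling effective(chmod(parse_acl(ACL_BEFORE), 0o750)) reproduces the listing in the report: the user:h_user1 entry is still stored as rwx, but its effective permission is r-x because the mask is now r-x.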