Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-13170

Port webhdfs unmaskedpermission parameter to HTTPFS

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.0.0-alpha2
    • 3.1.0, 3.0.3
    • None
    • None
    • Reviewed

    Description

      HDFS-6962 fixed a long standing issue where default ACLs are not correctly applied to files when they are created from the hadoop shell.

      With this change, if you create a file with default ACLs against the parent directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result is:

      # file: /test_acl/file_from_shell_off
# owner: user1
# group: supergroup
user::rw-
user:user1:rwx    #effective:r--
user:user2:rwx    #effective:r--
group::r-x    #effective:r--
group:users:rwx    #effective:r--
mask::r--
other::r--

      And if you enable this, to fix the bug above, the result is as you would expect:

      # file: /test_acl/file_from_shell
# owner: user1
# group: supergroup
user::rw-
user:user1:rwx    #effective:rw-
user:user2:rwx    #effective:rw-
group::r-x    #effective:r--
group:users:rwx    #effective:rw-
mask::rw-
other::r--

      If I then create a file over HTTPFS or webHDFS, the behaviour is not the same as above:

      # file: /test_acl/default_permissions
# owner: user1
# group: supergroup
user::rwx
user:user1:rwx    #effective:r-x
user:user2:rwx    #effective:r-x
group::r-x
group:users:rwx    #effective:r-x
mask::r-x
other::r-x

      Notice the mask is set to r-x and this remove the write permission on the new file.

      As part of HDFS-6962 a new parameter was added to webhdfs 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the same behaviour as when a file is written from the CLI:

      curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"  "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE&user.name=user1&namenoderpcaddress=namenode:8020&overwrite=false&unmaskedpermission=770"

# file: /test_acl/unmasked__770
# owner: user1
# group: supergroup
user::rwx
user:user1:rwx
user:user2:rwx
group::r-x
group:users:rwx
mask::rwx
other::---

      However, this parameter was never ported to HTTPFS.

      This Jira is to replicate the same changes to HTTPFS so this parameter is available there too.

      Attachments

        1. HDFS-13170.001.patch
          18 kB
          Stephen O'Donnell
        2. HDFS-13170.002.patch
          18 kB
          Stephen O'Donnell
        3. HDFS-13170.003.patch
          18 kB
          Stephen O'Donnell
        4. HDFS-13170.004.patch
          18 kB
          Stephen O'Donnell

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. HDFS-6962 ACL inheritance conflicts with umaskmode

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              sodonnell Stephen O'Donnell
              sodonnell Stephen O'Donnell
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: