Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-4685

Implementation of ACLs in HDFS

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.1.2
    • 2.4.0
    • hdfs-client, namenode, security
    • None
    • Reviewed
    • HDFS now supports ACLs (Access Control Lists). ACLs can specify fine-grained file permissions for specific named users or named groups.

    Description

      Currenly hdfs doesn't support Extended file ACL. In unix extended ACL can be achieved using getfacl and setfacl utilities. Is there anybody working on this feature ?

      Attachments

        1. HDFS-ACLs-Design-1.pdf
          448 kB
          Chris Nauroth
        2. HDFS-ACLs-Design-2.pdf
          454 kB
          Chris Nauroth
        3. HDFS-ACLs-Design-3.pdf
          572 kB
          Chris Nauroth
        4. Test-Plan-for-Extended-Acls-1.pdf
          131 kB
          Chris Nauroth
        5. HDFS-4685.1.patch
          519 kB
          Chris Nauroth
        6. HDFS-4685.2.patch
          540 kB
          Chris Nauroth
        7. HDFS-4685.3.patch
          540 kB
          Chris Nauroth
        8. HDFS-4685.4.patch
          538 kB
          Chris Nauroth
        9. HDFS-4685-branch-2.1.patch
          561 kB
          Chris Nauroth
        10. Test-Plan-for-Extended-Acls-2.pdf
          166 kB
          Yesha Vora

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. HDFS-6326 WebHdfs ACL compatibility is broken

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-10354 TestWebHDFS fails after merge of HDFS-4685 to trunk

          • Major - Major loss of function.
          • Closed
          incorporates

          New Feature - A new feature of the product, which has yet to be developed. HADOOP-10184 Hadoop Common changes required to support HDFS ACLs.

          • Major - Major loss of function.
          • Closed
          is duplicated by

          New Feature - A new feature of the product, which has yet to be developed. HDFS-5117 Allow the owner of an HDFS path to be a group

          • Major - Major loss of function.
          • Resolved
          is related to

          Sub-task - The sub-task of the issue HDFS-5923 Do not persist the ACL bit in the FsPermission

          • Major - Major loss of function.
          • Resolved

          Sub-task - The sub-task of the issue HDFS-5932 Ls should display the ACL bit

          • Major - Major loss of function.
          • Resolved

          Sub-task - The sub-task of the issue HDFS-5933 Optimize the FSImage layout for ACLs

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HDFS-6962 ACL inheritance conflicts with umaskmode

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HDFS-5737 Replacing only the default ACL can fail to copy unspecified base entries from the access ACL.

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HDFS-5739 ACL RPC must allow null name or unspecified permissions in ACL entries.

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HDFS-5799 Make audit logging consistent across ACL APIs.

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HDFS-5849 Removing ACL from an inode fails if it has only a default ACL.

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HDFS-6711 FSNamesystem#getAclStatus does not write to the audit log.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HDFS-6039 Uploading a File under a Dir with default acls throws "Duplicated ACLFeature"

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. HDFS-6232 OfflineEditsViewer throws a NPE on edits containing ACL modifications

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. HDFS-7456 De-duplicate AclFeature instances with same AclEntries do reduce memory footprint of NameNode

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. HDFS-7218 FSNamesystem ACL operations should write to audit log on failure

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. HDFS-6028 Print clearer error message when user attempts to delete required mask entry from ACL.

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-6128 Implement libhdfs bindings for HDFS ACL APIs.

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-5621 NameNode: add indicator in web UI file system browser if a file has an ACL.

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-5925 ACL configuration flag must only reject ACL API calls, not ACLs present in fsimage or edits.

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-5860 Refactor INodeDirectory getDirectoryXFeature methods to use common getFeature helper method.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-7384 'getfacl' command and 'getAclStatus' output should be in sync

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. MAPREDUCE-5809 Enhance distcp to support preserving HDFS ACLs.

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-5908 Change AclFeature to capture list of ACL entries in an ImmutableList.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-6069 Quash stack traces when ACLs are disabled

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Test - A new unit, integration or system test. HDFS-5858 Refactor common ACL test cases to be run through multiple FileSystem implementations.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Test - A new unit, integration or system test. HDFS-5937 Fix TestOfflineEditsViewer on HDFS-4685 branch.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Test - A new unit, integration or system test. HDFS-5995 TestFSEditLogLoader#testValidateEditLogWithCorruptBody gets OutOfMemoryError and dumps heap.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Test - A new unit, integration or system test. HDFS-5624 Add HDFS tests for ACLs in combination with viewfs.

          • Major - Major loss of function.
          • Closed

          Test - A new unit, integration or system test. HDFS-6063 TestAclCLI fails intermittently when running test 24: copyFromLocal

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. HDFS-5827 Children are not inheriting parent's default ACLs

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-9671 Improve Hadoop security - Use cases, Threat Model and Problems

          • Major - Major loss of function.
          • Open
          1.
          		 NameNode: implement AclManager as abstraction over INode ACL Map. Sub-task Resolved Chris Nauroth
          2.
          		 Implement RPC stubs Sub-task Resolved Haohui Mai
          3.
          		 DistributedFileSystem: implement modifyAclEntries, removeAclEntries and removeAcl. Sub-task Resolved Haohui Mai
          4.
          		 DistributedFileSystem: implement removeDefaultAcl. Sub-task Resolved Haohui Mai
          5.
          		 DistributedFileSystem: add support for recursive flag in ACL methods. Sub-task Resolved Unassigned
          6.
          		 libHDFS: implement hdfsGetAcls and hdfsSetAcl. Sub-task Resolved Unassigned
          7.
          		 libHDFS: implement hdfsModifyAclEntries, hdfsRemoveAclEntries and hdfsRemoveAcl. Sub-task Resolved Unassigned
          8.
          		 libHDFS: implement hdfsRemoveDefaultAcl. Sub-task Resolved Unassigned
          9.
          		 libHDFS: add support for recursive flag in ACL functions. Sub-task Resolved Unassigned
          10.
          		 WebHDFS: implement ACL APIs. Sub-task Resolved Sachin Jose
          11.
          		 WebHDFS: implement MODIFYACLENTRIES, REMOVEACLENTRIES and REMOVEACL. Sub-task Resolved Sachin Jose
          12.
          		 WebHDFS: implement REMOVEDEFAULTACL. Sub-task Resolved R J
          13.
          		 WebHDFS: add support for recursive flag in ACL operations. Sub-task Resolved R J
          14.
          		 NameNode: change all permission checks to enforce ACLs in addition to permissions. Sub-task Resolved Chris Nauroth
          15.
          		 NameNode: implement handling of ACLs in combination with symlinks. Sub-task Resolved Chris Nauroth
          16.
          		 NameNode: implement handling of ACLs in combination with snapshots. Sub-task Resolved Chris Nauroth
          17.
          		 NameNode: implement handling of ACLs in combination with sticky bit. Sub-task Resolved Chris Nauroth
          18.
          		 NameNode: implement default ACL handling. Sub-task Resolved Chris Nauroth
          19.
          		 NameNode: enforce maximum number of ACL entries. Sub-task Resolved Chris Nauroth
          20.
          		 NameNode: persist ACLs in fsimage. Sub-task Resolved Haohui Mai
          21.
          		 NameNode: record ACL modifications to edit log. Sub-task Resolved Haohui Mai
          22.
          		 NameNode: implement Global ACL Set as a memory optimization. Sub-task Resolved Chris Nauroth
          23.
          		 NameNode: change startup progress to track loading INode ACL Map. Sub-task Resolved Unassigned
          24.
          		 NameNode: add tests for skipping ACL enforcement when permission checks are disabled, user is superuser or user is member of supergroup. Sub-task Closed Chris Nauroth
          25.
          		 Write end user documentation for HDFS ACLs. Sub-task Resolved Chris Nauroth
          26.
          		 HDFS implementation of FileContext API for ACLs. Sub-task Closed Vinayakumar B
          27.
          		 Implement ACL as a INode feature Sub-task Resolved Haohui Mai
          28.
          		 Implement logic for modification of ACLs. Sub-task Resolved Chris Nauroth
          29.
          		 FsShell Cli: Add XML based End-to-End test for getfacl and setfacl commands Sub-task Resolved Vinayakumar B
          30.
          		 NameNode: complete implementation of inode modifications for ACLs. Sub-task Resolved Chris Nauroth
          31.
          		 Add CLI test for Ls output for extended ACL marker Sub-task Resolved Vinayakumar B
          32.
          		 Add configuration flag to disable/enable support for ACLs. Sub-task Resolved Chris Nauroth
          33.
          		 Incorporate ACLs with the changes from HDFS-5698 Sub-task Resolved Haohui Mai
          34.
          		 Do not persist the ACL bit in the FsPermission Sub-task Resolved Haohui Mai
          35.
          		 Ls should display the ACL bit Sub-task Resolved Chris Nauroth
          36.
          		 Optimize the FSImage layout for ACLs Sub-task Resolved Haohui Mai

          Activity

            People

              cnauroth Chris Nauroth
              sachinjose2007@gmail.com Sachin Jose
              Votes:
              2 Vote for this issue
              Watchers:
              45 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: