Thinking about this a little more, I'm in favor of adding a new command line option instead of building preservation of ACLs into the existing -p.
As stated in my last comment, I think the failure behavior is important, because it prevents accidentally copying without preserving important authorization rules. For a user copying files across different HDFS clusters, this would unfortunately create a situation where a file on the source cluster could not be copied to the destination cluster while using -p. This has the potential to break existing processes and scripts if a user suddenly sets an ACL in the source cluster. When we consider the possibility of a large recursive cp -p, the impact of the problem becomes even greater. It could fail half-way through a large recursive copy and force a lot of manual recovery work for the operator.
Another consideration is the additional RPC load. This might be unexpected in very large clusters. Again, the recursive use case magnifies this problem.
I recommend that we introduce a new -pa option. This way, the new behavior is opt-in, and existing processes won't encounter the problems described above. If there is a problem, then the operator can decide if it makes sense to drop the -pa argument and rerun the command. They'll still have the capability to copy and preserve all other attributes. I realize this deviates from some of the behavior on Unix, but it's a trade-off.
You may want to wait for
HADOOP-10561 to get committed before making any further changes. That patch does something similar for xattrs, and I expect you'll get the opportunity to reuse some code.