Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
We should enable permission checking in dfs by default. Currently, on upgrade, all file permissions are 777, so this is a back-compatible change. After an upgrade folks can change owners and groups and limit permissions, and things will work as expected.
The current default, dfs.permissions=false, gives inconsistent behaviour: permissions are displayed in 'ls' and returned by the FileSystem APIs, but they're not enforced. In future releases we will certainly want dfs.permissions=true to be the default, and making it so now will thus also avoid an incompatible change.
dfs.permissions=false should be an optional, non-default configuration that some sites may decide to use. It is further defined in HADOOP-2543.