Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-13170

Port webhdfs unmaskedpermission parameter to HTTPFS

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0-alpha2
    • Fix Version/s: 3.1.0, 3.0.3
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      HDFS-6962 fixed a long standing issue where default ACLs are not correctly applied to files when they are created from the hadoop shell.

      With this change, if you create a file with default ACLs against the parent directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result is:

      # file: /test_acl/file_from_shell_off
      # owner: user1
      # group: supergroup
      user::rw-
      user:user1:rwx    #effective:r--
      user:user2:rwx    #effective:r--
      group::r-x    #effective:r--
      group:users:rwx    #effective:r--
      mask::r--
      other::r--
      

      And if you enable this, to fix the bug above, the result is as you would expect:

      # file: /test_acl/file_from_shell
      # owner: user1
      # group: supergroup
      user::rw-
      user:user1:rwx    #effective:rw-
      user:user2:rwx    #effective:rw-
      group::r-x    #effective:r--
      group:users:rwx    #effective:rw-
      mask::rw-
      other::r--
      

      If I then create a file over HTTPFS or webHDFS, the behaviour is not the same as above:

      # file: /test_acl/default_permissions
      # owner: user1
      # group: supergroup
      user::rwx
      user:user1:rwx    #effective:r-x
      user:user2:rwx    #effective:r-x
      group::r-x
      group:users:rwx    #effective:r-x
      mask::r-x
      other::r-x
      

      Notice the mask is set to r-x and this remove the write permission on the new file.

      As part of HDFS-6962 a new parameter was added to webhdfs 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the same behaviour as when a file is written from the CLI:

      curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"  "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE&user.name=user1&namenoderpcaddress=namenode:8020&overwrite=false&unmaskedpermission=770"
      
      # file: /test_acl/unmasked__770
      # owner: user1
      # group: supergroup
      user::rwx
      user:user1:rwx
      user:user2:rwx
      group::r-x
      group:users:rwx
      mask::rwx
      other::---
      

      However, this parameter was never ported to HTTPFS.

      This Jira is to replicate the same changes to HTTPFS so this parameter is available there too.

        Attachments

        1. HDFS-13170.001.patch
          18 kB
          Stephen O'Donnell
        2. HDFS-13170.002.patch
          18 kB
          Stephen O'Donnell
        3. HDFS-13170.003.patch
          18 kB
          Stephen O'Donnell
        4. HDFS-13170.004.patch
          18 kB
          Stephen O'Donnell

          Issue Links

            Activity

              People

              • Assignee:
                sodonnell Stephen O'Donnell
                Reporter:
                sodonnell Stephen O'Donnell
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: