Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-4685

Implementation of ACLs in HDFS

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.1.2
    • 2.4.0
    • hdfs-client, namenode, security
    • None
    • Reviewed
    • HDFS now supports ACLs (Access Control Lists). ACLs can specify fine-grained file permissions for specific named users or named groups.

    Description

      Currenly hdfs doesn't support Extended file ACL. In unix extended ACL can be achieved using getfacl and setfacl utilities. Is there anybody working on this feature ?

      Attachments

        1. Test-Plan-for-Extended-Acls-2.pdf
          166 kB
          Yesha Vora
        2. Test-Plan-for-Extended-Acls-1.pdf
          131 kB
          Chris Nauroth
        3. HDFS-ACLs-Design-3.pdf
          572 kB
          Chris Nauroth
        4. HDFS-ACLs-Design-2.pdf
          454 kB
          Chris Nauroth
        5. HDFS-ACLs-Design-1.pdf
          448 kB
          Chris Nauroth
        6. HDFS-4685-branch-2.1.patch
          561 kB
          Chris Nauroth
        7. HDFS-4685.4.patch
          538 kB
          Chris Nauroth
        8. HDFS-4685.3.patch
          540 kB
          Chris Nauroth
        9. HDFS-4685.2.patch
          540 kB
          Chris Nauroth
        10. HDFS-4685.1.patch
          519 kB
          Chris Nauroth

        Issue Links

        1.
        NameNode: implement AclManager as abstraction over INode ACL Map. Sub-task Resolved Chris Nauroth Actions
        2.
        Implement RPC stubs Sub-task Resolved Haohui Mai Actions
        3.
        DistributedFileSystem: implement modifyAclEntries, removeAclEntries and removeAcl. Sub-task Resolved Haohui Mai Actions
        4.
        DistributedFileSystem: implement removeDefaultAcl. Sub-task Resolved Haohui Mai Actions
        5.
        DistributedFileSystem: add support for recursive flag in ACL methods. Sub-task Resolved Unassigned Actions
        6.
        libHDFS: implement hdfsGetAcls and hdfsSetAcl. Sub-task Resolved Unassigned Actions
        7.
        libHDFS: implement hdfsModifyAclEntries, hdfsRemoveAclEntries and hdfsRemoveAcl. Sub-task Resolved Unassigned Actions
        8.
        libHDFS: implement hdfsRemoveDefaultAcl. Sub-task Resolved Unassigned Actions
        9.
        libHDFS: add support for recursive flag in ACL functions. Sub-task Resolved Unassigned Actions
        10.
        WebHDFS: implement ACL APIs. Sub-task Resolved Sachin Jose Actions
        11.
        WebHDFS: implement MODIFYACLENTRIES, REMOVEACLENTRIES and REMOVEACL. Sub-task Resolved Sachin Jose Actions
        12.
        WebHDFS: implement REMOVEDEFAULTACL. Sub-task Resolved R J Actions
        13.
        WebHDFS: add support for recursive flag in ACL operations. Sub-task Resolved R J Actions
        14.
        NameNode: change all permission checks to enforce ACLs in addition to permissions. Sub-task Resolved Chris Nauroth Actions
        15.
        NameNode: implement handling of ACLs in combination with symlinks. Sub-task Resolved Chris Nauroth Actions
        16.
        NameNode: implement handling of ACLs in combination with snapshots. Sub-task Resolved Chris Nauroth Actions
        17.
        NameNode: implement handling of ACLs in combination with sticky bit. Sub-task Resolved Chris Nauroth Actions
        18.
        NameNode: implement default ACL handling. Sub-task Resolved Chris Nauroth Actions
        19.
        NameNode: enforce maximum number of ACL entries. Sub-task Resolved Chris Nauroth Actions
        20.
        NameNode: persist ACLs in fsimage. Sub-task Resolved Haohui Mai Actions
        21.
        NameNode: record ACL modifications to edit log. Sub-task Resolved Haohui Mai Actions
        22.
        NameNode: implement Global ACL Set as a memory optimization. Sub-task Resolved Chris Nauroth Actions
        23.
        NameNode: change startup progress to track loading INode ACL Map. Sub-task Resolved Unassigned Actions
        24.
        NameNode: add tests for skipping ACL enforcement when permission checks are disabled, user is superuser or user is member of supergroup. Sub-task Closed Chris Nauroth Actions
        25.
        Write end user documentation for HDFS ACLs. Sub-task Resolved Chris Nauroth Actions
        26.
        HDFS implementation of FileContext API for ACLs. Sub-task Closed Vinayakumar B Actions
        27.
        Implement ACL as a INode feature Sub-task Resolved Haohui Mai Actions
        28.
        Implement logic for modification of ACLs. Sub-task Resolved Chris Nauroth Actions
        29.
        FsShell Cli: Add XML based End-to-End test for getfacl and setfacl commands Sub-task Resolved Vinayakumar B Actions
        30.
        NameNode: complete implementation of inode modifications for ACLs. Sub-task Resolved Chris Nauroth Actions
        31.
        Add CLI test for Ls output for extended ACL marker Sub-task Resolved Vinayakumar B Actions
        32.
        Add configuration flag to disable/enable support for ACLs. Sub-task Resolved Chris Nauroth Actions
        33.
        Incorporate ACLs with the changes from HDFS-5698 Sub-task Resolved Haohui Mai Actions
        34.
        Do not persist the ACL bit in the FsPermission Sub-task Resolved Haohui Mai Actions
        35.
        Ls should display the ACL bit Sub-task Resolved Chris Nauroth Actions
        36.
        Optimize the FSImage layout for ACLs Sub-task Resolved Haohui Mai Actions

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            cnauroth Chris Nauroth Assign to me
            sachinjose2007@gmail.com Sachin Jose
            Votes:
            2 Vote for this issue
            Watchers:
            45 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment