Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.2
    • Fix Version/s: 2.4.0
    • Component/s: hdfs-client, namenode, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      HDFS now supports ACLs (Access Control Lists). ACLs can specify fine-grained file permissions for specific named users or named groups.

      Description

      Currenly hdfs doesn't support Extended file ACL. In unix extended ACL can be achieved using getfacl and setfacl utilities. Is there anybody working on this feature ?

      1. Test-Plan-for-Extended-Acls-2.pdf
        166 kB
        Yesha Vora
      2. Test-Plan-for-Extended-Acls-1.pdf
        131 kB
        Chris Nauroth
      3. HDFS-ACLs-Design-3.pdf
        572 kB
        Chris Nauroth
      4. HDFS-ACLs-Design-2.pdf
        454 kB
        Chris Nauroth
      5. HDFS-ACLs-Design-1.pdf
        448 kB
        Chris Nauroth
      6. HDFS-4685-branch-2.1.patch
        561 kB
        Chris Nauroth
      7. HDFS-4685.4.patch
        538 kB
        Chris Nauroth
      8. HDFS-4685.3.patch
        540 kB
        Chris Nauroth
      9. HDFS-4685.2.patch
        540 kB
        Chris Nauroth
      10. HDFS-4685.1.patch
        519 kB
        Chris Nauroth

        Issue Links

        1.
        NameNode: implement AclManager as abstraction over INode ACL Map. Sub-task Resolved Chris Nauroth
         
        2.
        Implement RPC stubs Sub-task Resolved Haohui Mai
         
        3.
        DistributedFileSystem: implement modifyAclEntries, removeAclEntries and removeAcl. Sub-task Resolved Haohui Mai
         
        4.
        DistributedFileSystem: implement removeDefaultAcl. Sub-task Resolved Haohui Mai
         
        5.
        DistributedFileSystem: add support for recursive flag in ACL methods. Sub-task Resolved Unassigned
         
        6.
        libHDFS: implement hdfsGetAcls and hdfsSetAcl. Sub-task Resolved Unassigned
         
        7.
        libHDFS: implement hdfsModifyAclEntries, hdfsRemoveAclEntries and hdfsRemoveAcl. Sub-task Resolved Unassigned
         
        8.
        libHDFS: implement hdfsRemoveDefaultAcl. Sub-task Resolved Unassigned
         
        9.
        libHDFS: add support for recursive flag in ACL functions. Sub-task Resolved Unassigned
         
        10.
        WebHDFS: implement ACL APIs. Sub-task Resolved Sachin Jose
         
        11.
        WebHDFS: implement MODIFYACLENTRIES, REMOVEACLENTRIES and REMOVEACL. Sub-task Resolved Sachin Jose
         
        12.
        WebHDFS: implement REMOVEDEFAULTACL. Sub-task Resolved R J
         
        13.
        WebHDFS: add support for recursive flag in ACL operations. Sub-task Resolved R J
         
        14.
        NameNode: change all permission checks to enforce ACLs in addition to permissions. Sub-task Resolved Chris Nauroth
         
        15.
        NameNode: implement handling of ACLs in combination with symlinks. Sub-task Resolved Chris Nauroth
         
        16.
        NameNode: implement handling of ACLs in combination with snapshots. Sub-task Resolved Chris Nauroth
         
        17.
        NameNode: implement handling of ACLs in combination with sticky bit. Sub-task Resolved Chris Nauroth
         
        18.
        NameNode: implement default ACL handling. Sub-task Resolved Chris Nauroth
         
        19.
        NameNode: enforce maximum number of ACL entries. Sub-task Resolved Chris Nauroth
         
        20.
        NameNode: persist ACLs in fsimage. Sub-task Resolved Haohui Mai
         
        21.
        NameNode: record ACL modifications to edit log. Sub-task Resolved Haohui Mai
         
        22.
        NameNode: implement Global ACL Set as a memory optimization. Sub-task Resolved Chris Nauroth
         
        23.
        NameNode: change startup progress to track loading INode ACL Map. Sub-task Resolved Unassigned
         
        24.
        NameNode: add tests for skipping ACL enforcement when permission checks are disabled, user is superuser or user is member of supergroup. Sub-task Closed Chris Nauroth
         
        25.
        Write end user documentation for HDFS ACLs. Sub-task Resolved Chris Nauroth
         
        26.
        HDFS implementation of FileContext API for ACLs. Sub-task Closed Vinayakumar B
         
        27.
        Implement ACL as a INode feature Sub-task Resolved Haohui Mai
         
        28.
        Implement logic for modification of ACLs. Sub-task Resolved Chris Nauroth
         
        29.
        FsShell Cli: Add XML based End-to-End test for getfacl and setfacl commands Sub-task Resolved Vinayakumar B
         
        30.
        NameNode: complete implementation of inode modifications for ACLs. Sub-task Resolved Chris Nauroth
         
        31.
        Add CLI test for Ls output for extended ACL marker Sub-task Resolved Vinayakumar B
         
        32.
        Add configuration flag to disable/enable support for ACLs. Sub-task Resolved Chris Nauroth
         
        33.
        Incorporate ACLs with the changes from HDFS-5698 Sub-task Resolved Haohui Mai
         
        34.
        Do not persist the ACL bit in the FsPermission Sub-task Resolved Haohui Mai
         
        35.
        Ls should display the ACL bit Sub-task Resolved Chris Nauroth
         
        36.
        Optimize the FSImage layout for ACLs Sub-task Resolved Haohui Mai
         

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Chris Nauroth
              Reporter:
              Sachin Jose
            • Votes:
              2 Vote for this issue
              Watchers:
              45 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development