Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.2
    • Fix Version/s: 2.4.0
    • Component/s: hdfs-client, namenode, security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed
    • Release Note:
      HDFS now supports ACLs (Access Control Lists). ACLs can specify fine-grained file permissions for specific named users or named groups.

      Description

      Currenly hdfs doesn't support Extended file ACL. In unix extended ACL can be achieved using getfacl and setfacl utilities. Is there anybody working on this feature ?

        Attachments

        1. HDFS-4685.1.patch
          519 kB
          Chris Nauroth
        2. HDFS-4685.2.patch
          540 kB
          Chris Nauroth
        3. HDFS-4685.3.patch
          540 kB
          Chris Nauroth
        4. HDFS-4685.4.patch
          538 kB
          Chris Nauroth
        5. HDFS-4685-branch-2.1.patch
          561 kB
          Chris Nauroth
        6. HDFS-ACLs-Design-1.pdf
          448 kB
          Chris Nauroth
        7. HDFS-ACLs-Design-2.pdf
          454 kB
          Chris Nauroth
        8. HDFS-ACLs-Design-3.pdf
          572 kB
          Chris Nauroth
        9. Test-Plan-for-Extended-Acls-1.pdf
          131 kB
          Chris Nauroth
        10. Test-Plan-for-Extended-Acls-2.pdf
          166 kB
          Yesha Vora

          Issue Links

          1.
          NameNode: implement AclManager as abstraction over INode ACL Map. Sub-task Resolved Chris Nauroth
          2.
          Implement RPC stubs Sub-task Resolved Haohui Mai
          3.
          DistributedFileSystem: implement modifyAclEntries, removeAclEntries and removeAcl. Sub-task Resolved Haohui Mai
          4.
          DistributedFileSystem: implement removeDefaultAcl. Sub-task Resolved Haohui Mai
          5.
          DistributedFileSystem: add support for recursive flag in ACL methods. Sub-task Resolved Unassigned
          6.
          libHDFS: implement hdfsGetAcls and hdfsSetAcl. Sub-task Resolved Unassigned
          7.
          libHDFS: implement hdfsModifyAclEntries, hdfsRemoveAclEntries and hdfsRemoveAcl. Sub-task Resolved Unassigned
          8.
          libHDFS: implement hdfsRemoveDefaultAcl. Sub-task Resolved Unassigned
          9.
          libHDFS: add support for recursive flag in ACL functions. Sub-task Resolved Unassigned
          10.
          WebHDFS: implement ACL APIs. Sub-task Resolved Sachin Jose
          11.
          WebHDFS: implement MODIFYACLENTRIES, REMOVEACLENTRIES and REMOVEACL. Sub-task Resolved Sachin Jose
          12.
          WebHDFS: implement REMOVEDEFAULTACL. Sub-task Resolved R J
          13.
          WebHDFS: add support for recursive flag in ACL operations. Sub-task Resolved R J
          14.
          NameNode: change all permission checks to enforce ACLs in addition to permissions. Sub-task Resolved Chris Nauroth
          15.
          NameNode: implement handling of ACLs in combination with symlinks. Sub-task Resolved Chris Nauroth
          16.
          NameNode: implement handling of ACLs in combination with snapshots. Sub-task Resolved Chris Nauroth
          17.
          NameNode: implement handling of ACLs in combination with sticky bit. Sub-task Resolved Chris Nauroth
          18.
          NameNode: implement default ACL handling. Sub-task Resolved Chris Nauroth
          19.
          NameNode: enforce maximum number of ACL entries. Sub-task Resolved Chris Nauroth
          20.
          NameNode: persist ACLs in fsimage. Sub-task Resolved Haohui Mai
          21.
          NameNode: record ACL modifications to edit log. Sub-task Resolved Haohui Mai
          22.
          NameNode: implement Global ACL Set as a memory optimization. Sub-task Resolved Chris Nauroth
          23.
          NameNode: change startup progress to track loading INode ACL Map. Sub-task Resolved Unassigned
          24.
          NameNode: add tests for skipping ACL enforcement when permission checks are disabled, user is superuser or user is member of supergroup. Sub-task Closed Chris Nauroth
          25.
          Write end user documentation for HDFS ACLs. Sub-task Resolved Chris Nauroth
          26.
          HDFS implementation of FileContext API for ACLs. Sub-task Closed Vinayakumar B
          27.
          Implement ACL as a INode feature Sub-task Resolved Haohui Mai
          28.
          Implement logic for modification of ACLs. Sub-task Resolved Chris Nauroth
          29.
          FsShell Cli: Add XML based End-to-End test for getfacl and setfacl commands Sub-task Resolved Vinayakumar B
          30.
          NameNode: complete implementation of inode modifications for ACLs. Sub-task Resolved Chris Nauroth
          31.
          Add CLI test for Ls output for extended ACL marker Sub-task Resolved Vinayakumar B
          32.
          Add configuration flag to disable/enable support for ACLs. Sub-task Resolved Chris Nauroth
          33.
          Incorporate ACLs with the changes from HDFS-5698 Sub-task Resolved Haohui Mai
          34.
          Do not persist the ACL bit in the FsPermission Sub-task Resolved Haohui Mai
          35.
          Ls should display the ACL bit Sub-task Resolved Chris Nauroth
          36.
          Optimize the FSImage layout for ACLs Sub-task Resolved Haohui Mai

            Activity

              People

              • Assignee:
                cnauroth Chris Nauroth
                Reporter:
                sachinjose2007@gmail.com Sachin Jose
              • Votes:
                2 Vote for this issue
                Watchers:
                45 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: