After discuss with Uma, we should refine setting permissions of user and trusted namespace xattrs.
1. For user namespace xattrs, In
HDFS-6374, says "setXAttr should require the user to be the owner of the file or directory", we have a bit misunderstanding. It actually is:
The access permissions for user attributes are defined by the file permission bits. only regular files and directories can have extended attributes. For sticky directories, only the owner and privileged user can write attributes.
We can refer to linux source code in http://lxr.free-electrons.com/source/fs/xattr.c?v=2.6.35
I also check in linux, it's controlled by the file permission bits for regular files and directories (not sticky).
2. For trusted namespace, currently we require the user should be owner and superuser. Actually superuser is enough.