Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-6654

Setting Extended ACLs recursively for another user belonging to the same group is not working

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Not a Problem
    • Affects Version/s: 2.4.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      1.Setting Extended ACL recursively for  a user belonging to the same group  is not working
      

      Step 1: Created a Dir1 with User1
      ./hdfs dfs -rm -R /Dir1
      Step 2: Changed the permission (600) for Dir1 recursively
      ./hdfs dfs -chmod -R 600 /Dir1
      Step 3: setfacls is executed to give read and write permissions to User2 which belongs to the same group as User1
      ./hdfs dfs setfacl -R -m user:User2:rw /Dir1

      ./hdfs dfs -getfacl -R /Dir1
      No GC_PROFILE is given. Defaults to medium.

      1. file: /Dir1
      2. owner: User1
      3. group: supergroup
        user::rw-
        user:User2:rw-
        group::---
        mask::rw-
        other::---
        Step 4: Now unable to write a File to Dir1 from User2

      ./hdfs dfs -put hadoop /Dir1/1
      No GC_PROFILE is given. Defaults to medium.
      put: Permission denied: user=User2, access=EXECUTE, inode="/Dir1":User1:supergroup:drw------

         2. Fetching filesystem name , when one of the disk configured for NN dir becomes full returns a value "null".
      

      2014-07-08 09:23:43,020 WARN org.apache.hadoop.hdfs.server.namenode.NameNodeResourceChecker: Space available on volume 'null' is 101060608, which is below the configured reserved amount 104857600
      2014-07-08 09:23:43,020 WARN org.apache.hadoop.hdfs.server.namenode.FSNamesystem: NameNode low on available disk space. Already in safe mode.
      2014-07-08 09:23:43,166 WARN org.apache.hadoop.hdfs.server.namenode.NameNodeResourceChecker: Space available on volume 'null' is 101060608, which is below the configured reserved amount 104857600

        Activity

        Hide
        Akira AJISAKA added a comment -

        Closing this issue. J.Andreina, please feel free to reopen this if you disagree.

        Show
        Akira AJISAKA added a comment - Closing this issue. J.Andreina , please feel free to reopen this if you disagree.
        Hide
        Akira AJISAKA added a comment -

        I was confused by looking at Test-Plan-for-Extended-Acls-2.pdf attached in HDFS-4685 . First scenairo mentioned in the issue works fine by giving executable permissions to User1.
        It would be helpful , if the following scenario is been updated in the Testplan.

        I don't think the plan should be updated because it is only to confirm if a permission is applied recursively.

        Show
        Akira AJISAKA added a comment - I was confused by looking at Test-Plan-for-Extended-Acls-2.pdf attached in HDFS-4685 . First scenairo mentioned in the issue works fine by giving executable permissions to User1. It would be helpful , if the following scenario is been updated in the Testplan. I don't think the plan should be updated because it is only to confirm if a permission is applied recursively.
        Hide
        Akira AJISAKA added a comment -

        Step 4: Now unable to write a File to Dir1 from User2

        This is by specification. User2 needs EXECUTE permission to write a file to Dir1.

        Fetching filesystem name , when one of the disk configured for NN dir becomes full returns a value "null".

        I suppose it has been fixed by HADOOP-10462. You will see the right value in the next release.

        Show
        Akira AJISAKA added a comment - Step 4: Now unable to write a File to Dir1 from User2 This is by specification. User2 needs EXECUTE permission to write a file to Dir1. Fetching filesystem name , when one of the disk configured for NN dir becomes full returns a value "null". I suppose it has been fixed by HADOOP-10462 . You will see the right value in the next release.
        Hide
        J.Andreina added a comment -

        I was confused by looking at Test-Plan-for-Extended-Acls-2.pdf attached in HDFS-4685 . First scenairo mentioned in the issue works fine by giving executable permissions to User1.

        It would be helpful , if the following scenario is been updated in the Testplan.

        Scenario No : 18
        Summary :
        set extended acl to grant Dan and Carla read acess.

        hdfs dfs -chmod -R 640 /user/bruce/ParentDir
        hdfs dfs setfacl -R -m user:Dan:r, user:Carla:r- /user/bruce/ParentDir
        hdfs dfs -getfacl -R /user/bruce/ParentDir
        Expected Result:
        Extended Acls should be applied to all the files/Dirs inside ParentDir

        In the above summary instead of giving just read permissions , executable permissions should also be given as below

        hdfs dfs -setfacl -R -m user:Dan:r-x, user:Carla:r-x /user/bruce/ParentDir

        Show
        J.Andreina added a comment - I was confused by looking at Test-Plan-for-Extended-Acls-2.pdf attached in HDFS-4685 . First scenairo mentioned in the issue works fine by giving executable permissions to User1. It would be helpful , if the following scenario is been updated in the Testplan. Scenario No : 18 Summary : set extended acl to grant Dan and Carla read acess. hdfs dfs -chmod -R 640 /user/bruce/ParentDir hdfs dfs setfacl -R -m user:Dan:r , user:Carla:r - /user/bruce/ParentDir hdfs dfs -getfacl -R /user/bruce/ParentDir Expected Result: Extended Acls should be applied to all the files/Dirs inside ParentDir In the above summary instead of giving just read permissions , executable permissions should also be given as below hdfs dfs -setfacl -R -m user:Dan:r-x, user:Carla:r-x /user/bruce/ParentDir

          People

          • Assignee:
            Unassigned
            Reporter:
            J.Andreina
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development