  1. Hadoop HDFS
  2. HDFS-7389

Named user ACL cannot stop the user from accessing the FS entity.


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.1
    • Fix Version/s: 2.7.0
    • Component/s: namenode
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      In http://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/:

      It’s important to keep in mind the order of evaluation for ACL entries when a user attempts to access a file system object:

      1. If the user is the file owner, then the owner permission bits are enforced.
      2. Else if the user has a named user ACL entry, then those permissions are enforced.
      3. Else if the user is a member of the file’s group or any named group in an ACL entry, then the union of permissions for all matching entries are enforced. (The user may be a member of multiple groups.)
      4. If none of the above were applicable, then the other permission bits are enforced.

      Assume we have a user UserA from group GroupA. If we configure a directory with the following ACL entries:
      group:GroupA:rwx
      user:UserA:---

      According to the design spec above, UserA should have no access permission to the file object, but UserA actually still has rwx access to the dir.
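
The evaluation order quoted in the description, modelled as an added example (not code from the HDFS NameNode or from the attached patches). `Inode`, `check_access` and the `stop_at_named_user` switch are hypothetical names, the ACL mask is left out, and the `stop_at_named_user=False` variant is an assumed way to reproduce the reported symptom rather than a reading of the actual defect.

```python
from dataclasses import dataclass, field

BIT = {"r": 4, "w": 2, "x": 1}

def bits(spec):
    """Turn a permission string such as 'r-x' into a bitmask."""
    return sum(BIT[c] for c in spec if c != "-")

@dataclass
class Inode:  # hypothetical model of a file system object with an ACL
    owner: str
    group: str
    owner_perm: str
    group_perm: str
    other_perm: str
    named_users: dict = field(default_factory=dict)   # user name -> perms
    named_groups: dict = field(default_factory=dict)  # group name -> perms

def check_access(inode, user, groups, want, stop_at_named_user=True):
    """Return True if `user` (a member of `groups`) is granted `want`."""
    need = bits(want)
    def grants(mask):
        return (mask & need) == need
    # 1. The owner is judged by the owner bits only.
    if user == inode.owner:
        return grants(bits(inode.owner_perm))
    # 2. A named user entry decides the outcome, whether grant or deny.
    if user in inode.named_users:
        if grants(bits(inode.named_users[user])):
            return True
        if stop_at_named_user:
            return False  # a deny here must not fall through to groups
    # 3. Union of the owning group and every matching named group entry.
    matched = [p for g, p in inode.named_groups.items() if g in groups]
    if inode.group in groups:
        matched.append(inode.group_perm)
    if matched:
        union = 0
        for p in matched:
            union |= bits(p)
        return grants(union)
    # 4. Nobody matched: the other bits apply.
    return grants(bits(inode.other_perm))

# Constructed sample: the directory from the report; owner, owning group
# and base permission bits are assumed values.
DIR = Inode("hdfs", "supergroup", "rwx", "r-x", "---",
            named_users={"UserA": "---"}, named_groups={"GroupA": "rwx"})
```

With the default arguments, `check_access(DIR, "UserA", {"GroupA"}, "rwx")` is denied as the quoted order requires; passing `stop_at_named_user=False` grants it through the `group:GroupA:rwx` entry, which is the behaviour the report describes.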

        Attachments

        1. HDFS-7389-002.patch
          4 kB
          Vinayakumar B
        2. HDFS-7389-001.patch
          4 kB
          Vinayakumar B


            People

            • Assignee:
              vinayakumarb Vinayakumar B
              Reporter:
              chunjun.xiao Chunjun Xiao