[ 
https://issues.apache.org/jira/browse/HADOOP-10213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13875692#comment-13875692
 ] 

Chris Nauroth commented on HADOOP-10213:
----------------------------------------

Thanks for making those changes.  I found one more thing.  
{{AclEntry#parseAclSpec}} is setting the name of the {{AclEntry}} to an empty 
{{String}} when the name is unspecified in the input string.  This can cause 
validation failures on the server side when we try to check that the caller 
didn't specify a name for entries that do not permit a name.  For example, the 
other entry can never have a name, so the NameNode will throw an exception back 
to the client if it tries to do something like setfacl -m other:vinay:rwx.  I'm 
pasting below a small diff that fixes the problem.  Could you please 
incorporate this into your patch and add another test in {{TestAclCommands}} to 
cover this?  Thanks again!

{code}
diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/permission/AclEntry.java
 b/hadoo
index 6143ef8..7de6115 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/permission/AclEntry.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/permission/AclEntry.java
@@ -249,7 +249,10 @@ private AclEntry(AclEntryType type, String name, FsAction 
permission, AclEntrySc
             "Invalid type of acl in <aclSpec> :" + aclStr);
       }
 
-      builder.setName(split[index++]);
+      String name = split[index++];
+      if (!name.isEmpty()) {
+        builder.setName(name);
+      }
 
       if (expectedAclSpecLength == 3) {
         String permission = split[index++];
{code}
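Review bot: The `!name.isEmpty()` guard added before `builder.setName(name)` treats only a zero-length field as "unspecified", so a name field containing only whitespace would still be set as the entry name. Decide whether such input should be rejected or treated as unspecified, and add a one-line comment above the check saying why an empty name must be left unset rather than stored as an empty String. The diff also carries no test for this path; a case in TestAclCommands that parses an entry with no name and asserts that the name is left unset would pin the behaviour.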


> setfacl -x should reject attempts to include permissions in the ACL spec.
> -------------------------------------------------------------------------
>
>                 Key: HADOOP-10213
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10213
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: tools
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Chris Nauroth
>            Assignee: Vinay
>         Attachments: HADOOP-10213.patch, HADOOP-10213.patch, 
> HADOOP-10213.patch, HADOOP-10213.patch
>
>
> When calling setfacl -x to remove ACL entries, it does not make sense for the 
> entries in the ACL spec to contain permissions.  The permissions should be 
> unspecified, and the CLI should return an error if the user attempts to 
> provide permissions.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
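The failure described in the comment above, as an added example that is not Hadoop's code and not part of the original message: a simplified stand-in parser and validator showing why an empty-string name and an unset name behave differently once the server checks entries that may not carry a name. The class, record and method names are hypothetical, the only validation rule modelled is the one the comment states (the other entry can never have a name), and Java 16+ is assumed for `record`.

```java
import java.util.Locale;

// Added illustration: a simplified stand-in, not Hadoop's AclEntry or NameNode code.
public class AclNameDemo {
    enum Type { USER, GROUP, OTHER }

    // Hypothetical entry type: name is null when the spec did not specify one.
    record Entry(Type type, String name, String perm) {}

    // Parses "type:name:perm". keepEmptyName=true mimics the behaviour the
    // comment reports (an empty string stored as the name); false mimics the
    // behaviour after the suggested fix (name left unset).
    static Entry parse(String spec, boolean keepEmptyName) {
        String[] split = spec.split(":", -1); // -1 keeps the empty middle field
        if (split.length != 3) {
            throw new IllegalArgumentException("Invalid <aclSpec> : " + spec);
        }
        Type type = Type.valueOf(split[0].toUpperCase(Locale.ROOT));
        String name = split[1];
        if (name.isEmpty() && !keepEmptyName) {
            name = null; // unspecified, not ""
        }
        return new Entry(type, name, split[2]);
    }

    // Assumed server-side rule, taken from the comment: the other entry
    // can never have a name. "" counts as a name here because it is not null.
    static void validate(Entry e) {
        if (e.type() == Type.OTHER && e.name() != null) {
            throw new IllegalArgumentException("other entry must not have a name");
        }
    }

    static String check(String spec, boolean keepEmptyName) {
        try {
            validate(parse(spec, keepEmptyName));
            return spec + " -> accepted";
        } catch (IllegalArgumentException ex) {
            return spec + " -> rejected: " + ex.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(check("other::rwx", true));       // empty name kept as ""
        System.out.println(check("other::rwx", false));      // empty name left unset
        System.out.println(check("other:vinay:rwx", false)); // a real name on other
        System.out.println(check("user:vinay:rwx", false));  // named user entry
    }
}
```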
