[
https://issues.apache.org/jira/browse/HADOOP-10270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13880247#comment-13880247
]
Chris Nauroth commented on HADOOP-10270:
----------------------------------------
See below for example output from getfacl on Linux. The logic for this would
be:
{code}
Find the mask entry within the scope, either access or default.
Go back and iterate through all entries.
If entry is named user, named group, or unnamed group
Calculate effective permissions by applying the mask from the same scope
using {{FsAction#and}}.
If effective permissions are different from actual permissions
Also display effective permissions.
{code}
The effective permissions are not displayed if the mask doesn't turn any
permissions off.
{code}
> getfacl dir1
# file: dir1
# owner: cnauroth
# group: cnauroth
user::rw-
user:bruce:rwx #effective:r--
user:diana:r--
group::rw- #effective:r--
mask::r--
other::r--
user::rw-
default:user:bruce:rwx #effective:r--
default:user:diana:r--
default:group::rw- #effective:r--
default:mask::r--
default:other::r--
{code}
> getfacl does not display effective permissions of masked entries.
> -----------------------------------------------------------------
>
> Key: HADOOP-10270
> URL: https://issues.apache.org/jira/browse/HADOOP-10270
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs
> Affects Versions: HDFS ACLs (HDFS-4685)
> Reporter: Chris Nauroth
> Priority: Minor
>
> The mask entry of an ACL can be changed to restrict permissions that would be
> otherwise granted via named user and group entries. In these cases, the
> typical implementation of getfacl also displays the effective permissions
> after applying the mask.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
