[
https://issues.apache.org/jira/browse/HADOOP-10277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated HADOOP-10277:
-----------------------------------
Attachment: HADOOP-10277.1.patch
Thanks for volunteering to take this, [~vinayrpet]. I did have a patch in
progress, so I'll just attach the work I've done so far and ask you if you want
to do anything more with this.
As part of this patch, I also wanted to refactor {{AclEntry#parseAclSpec}} so
that the logic of parsing a single entry is in a separate public static method:
{{AclEntry#parseAclEntry}}. That's going to be helpful for the HDFS-5608
WebHDFS patch. I didn't get the refactoring done yet in this version of the
patch.
bq. But my doubt is, whether removing the mask is allowed ?
Actually, you are correct. I was incorrect when I said earlier that you can
remove the mask to trigger automatic recalculation. It is invalid to attempt
to remove the mask from an ACL that needs it, however, the error should get
reported from the server side instead of a failure to parse the ACL spec. We
already have the code to do this in the NameNode in
{{AclTransformation#buildAndValidateAcl}}. The parsing still needs to be able
to parse a mask entry with no permission, because it is valid to remove the
mask entry if you're also removing all other extended ACL entries (reducing it
from an extended ACL back to a minimal ACL). See below for an example on Linux.
{code}
[cnauroth@ubuntu:pts/0] acltest
> getfacl file1
# file: file1
# owner: cnauroth
# group: cnauroth
user::rw-
user:bruce:rwx #effective:r--
group::rw- #effective:r--
mask::r--
other::r--
[cnauroth@ubuntu:pts/0] acltest
> setfacl -x mask:: file1
setfacl: file1: Malformed access ACL
`user::rw-,user:bruce:rwx,group::rw-,other::r--': Missing or wrong entry at
entry 4
[cnauroth@ubuntu:pts/0] acltest
> setfacl -x mask::,user:bruce: file1
[cnauroth@ubuntu:pts/0] acltest
> getfacl file1
# file: file1
# owner: cnauroth
# group: cnauroth
user::rw-
group::rw-
other::r--
{code}
> setfacl -x fails to parse ACL spec if trying to remove the mask entry.
> ----------------------------------------------------------------------
>
> Key: HADOOP-10277
> URL: https://issues.apache.org/jira/browse/HADOOP-10277
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs
> Affects Versions: HDFS ACLs (HDFS-4685)
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Attachments: HADOOP-10277.1.patch
>
>
> You should be able to use setfacl -x to remove the mask entry (which then
> triggers recalculation of an automatically inferred mask if the file has an
> extended ACL). Right now, this causes a failure to parse the ACL spec due to
> a bug in {{AclEntry#parseAclSpec}}.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
