Chunjun Xiao created HDFS-7389:
----------------------------------

             Summary: Named user ACL cannot stop the user from accessing the FS entity.
                 Key: HDFS-7389
                 URL: https://issues.apache.org/jira/browse/HDFS-7389
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: namenode
    Affects Versions: 2.5.1
            Reporter: Chunjun Xiao

In http://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/:

{quote}
It’s important to keep in mind the order of evaluation for ACL entries when a user attempts to access a file system object:

1. If the user is the file owner, then the owner permission bits are enforced.
2. Else if the user has a named user ACL entry, then those permissions are enforced.
3. Else if the user is a member of the file’s group or any named group in an ACL entry, then the union of permissions for all matching entries are enforced. (The user may be a member of multiple groups.)
4. If none of the above were applicable, then the other permission bits are enforced.
{quote}

Assume we have a user UserA from group GroupA. If we configure a directory with the following ACL entries:

group:GroupA:rwx
user:UserA:---

According to the design spec above, UserA should have no access permission to the file object, while actually UserA still has rwx access to the dir.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
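
The four-step evaluation order quoted in this report, modelled in Python and applied to the reported ACL entries. This is an added example, not HDFS code and not part of the original report; the owner name, owning group and base permission bits are constructed, and the ACL mask entry is not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class Acl:
    owner: str
    group: str
    owner_perms: str   # permission strings such as "rwx" or "r-x"
    group_perms: str
    other_perms: str
    named_users: dict = field(default_factory=dict)    # user name -> perms
    named_groups: dict = field(default_factory=dict)   # group name -> perms


def _bits(perms):
    """Turn 'r-x' into {'r', 'x'}."""
    return {c for c in perms if c != "-"}


def effective_perms(acl, user, groups):
    """Permissions enforced for `user` under the quoted order of evaluation."""
    # 1. The file owner gets the owner bits and nothing else is consulted.
    if user == acl.owner:
        return _bits(acl.owner_perms)
    # 2. A named user entry is decisive, even when it grants nothing ("---").
    if user in acl.named_users:
        return _bits(acl.named_users[user])
    # 3. Owning group plus every matching named group: union of the entries.
    matched = [acl.group_perms] if acl.group in groups else []
    matched += [p for g, p in acl.named_groups.items() if g in groups]
    if matched:
        return set().union(*(_bits(p) for p in matched))
    # 4. Nothing matched: fall back to the "other" bits.
    return _bits(acl.other_perms)


def reported_acl():
    """The directory from the report; owner/group/base bits are constructed."""
    return Acl(owner="dirowner", group="dirgroup",
               owner_perms="rwx", group_perms="r-x", other_perms="---",
               named_users={"UserA": "---"},
               named_groups={"GroupA": "rwx"})


if __name__ == "__main__":
    acl = reported_acl()
    # UserA matches step 2, so the GroupA entry must never be reached.
    print("UserA:", sorted(effective_perms(acl, "UserA", {"GroupA"})))
    # UserB (constructed) has no named entry and falls through to step 3.
    print("UserB:", sorted(effective_perms(acl, "UserB", {"GroupA"})))
```

Under the quoted order UserA resolves to an empty permission set while another GroupA member gets rwx, which is the expected behaviour the report contrasts with what was observed.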