[ https://issues.apache.org/jira/browse/HDFS-13038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daryn Sharp resolved HDFS-13038. -------------------------------- Resolution: Not A Problem > User with no permission on file is able to run getfacl for that file > -------------------------------------------------------------------- > > Key: HDFS-13038 > URL: https://issues.apache.org/jira/browse/HDFS-13038 > Project: Hadoop HDFS > Issue Type: Bug > Reporter: Namit Maheshwari > Assignee: Lokesh Jain > Priority: Major > Attachments: HDFS-13038.001.patch > > > Currently any user with EXECUTE permission can run getfacl on a file or > directory. This Jira adds a check for READ access of user on the inode path. > {code:java} > [root@host ~]$ hdfs dfs -copyFromLocal /etc/a.txt /tmp > [root@host ~]$ hdfs dfs -setfacl -m user:abc:--- /tmp/a.txt > {code} > Since user abc does not have read permission on the file 'cat' command throws > Permission Denied error but getfacl executes normally. > {code:java} > [abc@host ~]$ hdfs dfs -cat /tmp/a.txt > cat: Permission denied: user=abc, access=READ, > inode="/tmp/a.txt":abc:hdfs:-rw-r--r-- > [abc@host ~]$ hdfs dfs -getfacl /tmp/a.txt > # file: /tmp/a.txt > # owner:root > # group: hdfs > user::rw- > user:abc:--- > group::r-- > mask::r-- > other::r-- > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org