Thanks Owen for your reply! As mentioned in the Jira, default ACLs don't apply to rename. Any idea how rename can work without setting ACLs per file?
On Fri, Oct 16, 2020 at 7:25 PM Owen O'Malley <owen.omal...@gmail.com> wrote: > I'm very -1 on adding these semantics. > > When you create the table's directory, set the default ACL. That will have > exactly the effect that you are looking for without creating additional > semantics. > > .. Owen > > On Fri, Oct 16, 2020 at 7:02 PM Xinli shang <sha...@uber.com.invalid> > wrote: > > > Hi all, > > > > I opened https://issues.apache.org/jira/browse/HDFS-15638 and want to > > collect feedback from the community. I know whenever changing the > > permission model that follows POSIX model is never a trivial change. So > > please comment on if you have concerns. For reading convenience, here is > a > > copy of the ticket. > > > > *Problem*: Currently, when a user tries to accesses a file he/she needs > the > > permissions of it's parent and ancestors and the permission of that file. > > This is correct generally, but for Hive tables directories/files, all the > > files under a partition or even a table usually have the same permissions > > for the same set of ACL groups. Although the permissions and ACL groups > are > > the same, the writer still need to call setfacl() for every file to add > > LDAP groups. This results in a huge amount of RPC calls to NN. HDFS has > > default ACL to solve that but that only applies to create and copy, but > not > > apply to rename. However, in Hive ETL, rename is very common. > > > > *Proposal*: Add a 1-bit flag to directory inodes to indicate whether or > not > > it is a Hive table directory. If that flag is set, then all the > > sub-directory and files under it will just use it's permission and ACL > > groups settings. By doing this way, Hive ETL doesn't need to set > > permissions at the file level. If that flag is not set(by default), work > as > > before. To set/unset that flag, it would require admin privilege. > > > > -- > > Xinli Shang > > > -- Xinli Shang
