[jira] [Commented] (HDFS-7384) 'getfacl' command and 'getAclStatus' output should be in sync

Wed, 26 Nov 2014 12:35:23 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-7384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14226786#comment-14226786
 ] 

Chris Nauroth commented on HDFS-7384:
-------------------------------------

Hi [~vinayrpet].  Thank you for the follow-up.  For this version of the patch, 
I have one compatibility concern and a few minor nitpicks.

# {{AclStatus#getEffectivePermission}}: I think there is a compatibility 
problem in this method.  Let's assume this patch goes into 2.7.0, and then we 
run a 2.7.0 client connected to a 2.6.0 NameNode.  The old NameNode will not 
populate the new permissions field in the outbound {{AclStatus}}.  The 2.7.0 
client would go into the null check path and not apply any mask, resulting in 
{{hdfs dfs -getfacl}} reporting incorrect effective permissions.  For 
compatibility, I think the shell will need a way to detect that the NameNode 
didn't populate permissions, and fall back to the current logic of using 
permissions from {{FileStatus}}.
# {{AclStatus#getPermission}}: I suggest adding JavaDocs.
# {{AclStatus#Builder#setPermission}}: I suggest removing the word "default" 
here, just to prevent any confusion that this is somehow related to default 
ACLs.  Same thing for the private {{AclStatus}} constructor.
# Let's update the documentation in WebHDFS.apt.vm to show the new fields in 
the GETACLSTATUS example JSON response.


> 'getfacl' command and 'getAclStatus' output should be in sync
> -------------------------------------------------------------
>
>                 Key: HDFS-7384
>                 URL: https://issues.apache.org/jira/browse/HDFS-7384
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: Vinayakumar B
>            Assignee: Vinayakumar B
>         Attachments: HDFS-7384-001.patch, HDFS-7384-002.patch, 
> HDFS-7384-003.patch, HDFS-7384-004.patch, HDFS-7384-005.patch
>
>
> *getfacl* command will print all the entries including basic and extended 
> entries, mask entries and effective permissions.
> But, *getAclStatus* FileSystem API will return only extended ACL entries set 
> by the user. But this will not include the mask entry as well as effective 
> permissions.
> To benefit the client using API, better to include 'mask' entry and effective 
> permissions in the return list of entries.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to