[jira] [Commented] (HDFS-7384) 'getfacl' command and 'getAclStatus' output should be in sync

[Chris Nauroth (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HDFS-7384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14235777#comment-14235777
 ] 

Chris Nauroth commented on HDFS-7384:
-------------------------------------

Thanks for sticking through all of this code review feedback.  We're close now. 
 I promise!  :-)

# In {{AclStatus#getEffectivePermission}}, the {{maskPerm}} local variable is 
only used if processing an access entry (not default), so let's move that 
variable into the if block for access entries.
# Also in {{AclStatus#getEffectivePermission}}, the default entry code path has 
a precondition check that isn't always valid.  I thought of an edge case where 
this precondition check would fail and cause a bug.  It's possible to have a 
default ACL that is a minimal ACL, containing just the 3 entries corresponding 
to traditional POSIX permissions.  (See below for an example.)  In this case, 
the default ACL entry list has only 3 entries, and it fails the precondition 
check for {{size >= 4}}.  Since there are no extended ACL entries, there is no 
mask present.  The current code in {{AclCommands}} handles this case by 
checking {{AclUtil#isMinimalAcl}} and skipping the mask calculation if {{true}}.
# I see the patch passed Jenkins, so that tells me we don't have a unit test 
for the above case.  That would be a good thing to add in testAclCLI.xml.

{code}
> hdfs dfs -mkdir /testDefaultAcl2

> hdfs dfs -setfacl -m default:user::rwx /testDefaultAcl2

> hdfs dfs -getfacl /testDefaultAcl2
# file: /testDefaultAcl2
# owner: chris
# group: supergroup
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
{code}


> 'getfacl' command and 'getAclStatus' output should be in sync
> -------------------------------------------------------------
>
>                 Key: HDFS-7384
>                 URL: https://issues.apache.org/jira/browse/HDFS-7384
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: Vinayakumar B
>            Assignee: Vinayakumar B
>         Attachments: HDFS-7384-001.patch, HDFS-7384-002.patch, 
> HDFS-7384-003.patch, HDFS-7384-004.patch, HDFS-7384-005.patch, 
> HDFS-7384-006.patch, HDFS-7384-007.patch, HDFS-7384-008.patch
>
>
> *getfacl* command will print all the entries including basic and extended 
> entries, mask entries and effective permissions.
> But, *getAclStatus* FileSystem API will return only extended ACL entries set 
> by the user. But this will not include the mask entry as well as effective 
> permissions.
> To benefit the client using API, better to include 'mask' entry and effective 
> permissions in the return list of entries.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)