[
https://issues.apache.org/jira/browse/HDFS-7447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054098#comment-15054098
]
Harsh J commented on HDFS-7447:
-------------------------------
bq. The number of entries in a single ACL is capped at a maximum of 32.
Attempts to add ACL entries exceeding the maximum will fail with a user-facing
error. This is done for 2 reasons: to simplify management, and to limit
resource consumption. ACLs with a very high number of entries tend to become
difficult to understand and may indicate that the requirements are better
implemented by defining additional groups or users. ACLs with a very high
number of entries also would require more memory and storage and take longer to
evaluate on each permission check. The number 32 is chosen for consistency with
the maximum number of ACL entries enforced by the ext family of file systems. -
https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf
> Number of maximum Acl entries on a File/Folder should be made user
> configurable than hardcoding .
> -------------------------------------------------------------------------------------------------
>
> Key: HDFS-7447
> URL: https://issues.apache.org/jira/browse/HDFS-7447
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Reporter: J.Andreina
>
> By default, folder1 will have 6 ACL entries on creation. On top of that,
> if assigning ACLs on folder1 exceeds 32, we are then unable to assign ACLs
> for a group/user to folder1.
> {noformat}
> 2014-11-20 18:55:06,553 ERROR [qtp1279235236-17 - /rolexml/role/modrole]
> Error occured while setting permissions for Resource:[
> hdfs://hacluster/folder1 ] and Error message is : Invalid ACL: ACL has 33
> entries, which exceeds maximum of 32.
> at
> org.apache.hadoop.hdfs.server.namenode.AclTransformation.buildAndValidateAcl(AclTransformation.java:274)
> at
> org.apache.hadoop.hdfs.server.namenode.AclTransformation.mergeAclEntries(AclTransformation.java:181)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.unprotectedModifyAclEntries(FSDirectory.java:2771)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.modifyAclEntries(FSDirectory.java:2757)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.modifyAclEntries(FSNamesystem.java:7734)
> {noformat}
> Here the value 32 is hardcoded, which can be made user configurable.
> {noformat}
> private static List buildAndValidateAcl(ArrayList aclBuilder)
>     throws AclException
> {
>     if (aclBuilder.size() > 32)
>         throw new AclException((new StringBuilder()).append("Invalid ACL: ACL has ").append(aclBuilder.size()).append(" entries, which exceeds maximum of ").append(32).append(".").toString());
>     :
>     :
> }
> {noformat}
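As an added example (not from this JIRA thread or the Hadoop code base), the shell function below reads text in the format printed by `hdfs dfs -getfacl -R` and lists paths whose ACL is at or close to the 32-entry cap discussed above, so they can be reworked into groups before a change fails. It assumes every access and default entry counts toward the cap, as in the `aclBuilder.size()` check quoted in the issue; `acl_near_cap`, `sample_getfacl` and the sample paths and users are constructed for illustration.

```shell
#!/bin/sh
# Added example: report paths whose ACL is at or near the 32-entry cap.
# Input format: output of `hdfs dfs -getfacl -R <path>`.
# Assumption: access and default entries all count toward the cap,
# matching the aclBuilder.size() check quoted in the issue.

MAX_ENTRIES=32   # cap quoted on this page

# acl_near_cap THRESHOLD
# Reads getfacl output on stdin and prints "<count> <path>" for every
# path that has THRESHOLD or more ACL entries.
acl_near_cap() {
    awk -v threshold="$1" '
        function report() {
            if (path != "" && count >= threshold) print count, path
        }
        /^# file: / { report(); path = substr($0, 9); count = 0; next }
        /^#/        { next }    # "# owner:" and "# group:" header lines
        /^[ \t]*$/  { next }    # blank line separating two paths
        /^(default:)?(user|group|mask|other):/ { count++ }
        END         { report() }
    '
}

# Constructed sample input: /folder1 carries 32 entries (owner, 28 named
# users, group, mask, other); /folder2 carries only the 3 base entries.
sample_getfacl() {
    printf '# file: /folder1\n# owner: hdfs\n# group: supergroup\n'
    printf 'user::rwx\n'
    i=1
    while [ "$i" -le 28 ]; do
        printf 'user:u%d:r-x\n' "$i"
        i=$((i + 1))
    done
    printf 'group::r-x\nmask::r-x\nother::---\n\n'
    printf '# file: /folder2\n# owner: hdfs\n# group: supergroup\n'
    printf 'user::rwx\ngroup::r-x\nother::---\n\n'
}

# Against a live cluster (path is a placeholder):
#   hdfs dfs -getfacl -R /path/to/audit | acl_near_cap $((MAX_ENTRIES - 4))
```
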