[ https://issues.apache.org/jira/browse/HDFS-12895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16291281#comment-16291281 ]

Íñigo Goiri commented on HDFS-12895:
------------------------------------

Thanks [~yiqun] for the fixes in [^HDFS-12895.006.patch].
I'm OK with assuming that the users won't be able to modify their own entries 
(after all, we don't know if they were the ones creating them), at least now 
with the 755 by default, they can see the ACL to identify the issue and the 
superuser can fix that.
Only a minor nit, for consistency with the other methods, I would use the 
{{hasMode()}} structure for {{MountTablePBImpl#getMode()}}. Something like:
{code}
@Override
public FsPermission getMode() {
  MountTableRecordProtoOrBuilder proto = this.translator.getProtoOrBuilder();
  short mode = RouterPermissionChecker.MOUNT_TABLE_PERMISSION_DEFAULT;
  if (proto.hasMode()) {
    mode = proto.getMode();
  }
  return new FsPermission(mode);
}
{code}
This is not exactly the same behavior you had with the 0 case but it should be 
more flexible as it actually allows setting the mode to 000 (not sure who would 
do that but...).

I tested this in our clusters and the failed unit tests are not related.
+1

> RBF: Add ACL support for mount table
> ------------------------------------
>
>                 Key: HDFS-12895
>                 URL: https://issues.apache.org/jira/browse/HDFS-12895
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>    Affects Versions: 3.0.0-alpha3
>            Reporter: Yiqun Lin
>            Assignee: Yiqun Lin
>              Labels: RBF
>         Attachments: HDFS-12895.001.patch, HDFS-12895.002.patch, 
> HDFS-12895.003.patch, HDFS-12895.004.patch, HDFS-12895.005.patch, 
> HDFS-12895.006.patch
>
>
> Adding ACL support for the Mount Table management. Following is the initial 
> design of ACL control for the mount table management.
> Each mount table has its owner, group name and permission.
> The mount table permissions (FsPermission), here we use 
> {{org.apache.hadoop.fs.permission.FsPermission}} to do the access check:
> # READ permission: you can read the mount table info.
> # WRITE permission: you can add, remove or update this mount table info.
> # EXECUTE permission: This won't be used.
> The add command of mount table will be extended like this
> {noformat}
> $HADOOP_HOME/bin/hdfs dfsrouteradmin [-add <source> <nameservice> 
> <destination> [-owner <owner>] [-group <group>] [-mode <mode>]]
> {noformat}
> *<mode> is UNIX-style permissions for the mount table. Permissions are 
> specified in octal, e.g. 0755. By default, this is set to 0755*.
> If we want to update the ACL info of a specified mount table, just execute the add 
> command again. This command not only adds a new mount table but also 
> updates the mount table once it finds that the given mount table already exists.
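
The difference discussed in the comment above, between treating a stored mode of 0 as "unset" and checking field presence the way {{hasMode()}} does, shown as an added example that is not code from the patch or from Hadoop. The class, the method names and the simplified owner/group/other check are assumptions made for illustration; only the 0755 default and the READ/WRITE meanings come from the issue description.

```java
import java.util.Optional;

// Added illustration. All names here are hypothetical, not Hadoop classes.
public class MountTableModeDemo {
  // Default mode stated in the issue description.
  static final short DEFAULT_MODE = 0755;

  // Sentinel style: a stored 0 is read as "not set", so an entry that was
  // deliberately locked down to 000 silently comes back as 0755.
  static short modeWithZeroSentinel(short stored) {
    return stored == 0 ? DEFAULT_MODE : stored;
  }

  // Presence style (what hasMode() provides): only an absent field falls
  // back to the default, so an explicit 000 is preserved.
  static short modeWithPresence(Optional<Short> stored) {
    return stored.orElse(DEFAULT_MODE);
  }

  // Simplified UNIX-style check (assumption): select the owner, group or
  // other triplet, then test the requested bit. READ = 4, WRITE = 2.
  static boolean allowed(short mode, boolean isOwner, boolean inGroup, int bit) {
    int shift = isOwner ? 6 : (inGroup ? 3 : 0);
    return ((mode >> shift) & bit) != 0;
  }

  public static void main(String[] args) {
    final int READ = 4;
    final int WRITE = 2;
    short explicitZero = 0; // constructed sample: entry stored with mode 000

    short sentinel = modeWithZeroSentinel(explicitZero);
    short present = modeWithPresence(Optional.of(explicitZero));
    short absent = modeWithPresence(Optional.empty());

    System.out.printf("zero sentinel, stored 000: %03o%n", sentinel);
    System.out.printf("presence check, stored 000: %03o%n", present);
    System.out.printf("presence check, field absent: %03o%n", absent);

    // A user who is neither owner nor in the group, reading the entry.
    System.out.println("other READ under sentinel result: "
        + allowed(sentinel, false, false, READ));
    System.out.println("other READ under presence result: "
        + allowed(present, false, false, READ));
    // With the default mode, only the owner holds WRITE.
    System.out.println("owner WRITE with default: "
        + allowed(absent, true, false, WRITE));
    System.out.println("other WRITE with default: "
        + allowed(absent, false, false, WRITE));
  }
}
```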


