Lokesh Jain created HDFS-13038:
----------------------------------

             Summary: User with no permission on file is able to run getfacl for that file
                 Key: HDFS-13038
                 URL: https://issues.apache.org/jira/browse/HDFS-13038
             Project: Hadoop HDFS
          Issue Type: Bug
            Reporter: Lokesh Jain
            Assignee: Lokesh Jain


Currently any user with EXECUTE permission can run getfacl on a file or 
directory. This Jira adds a check for the user's READ access on the inode path.

 
{code:java}
[root@host ~]$ hdfs dfs -copyFromLocal /etc/a.txt /tmp
[root@host ~]$ hdfs dfs -setfacl -m user:abc:--- /tmp/a.txt
{code}
Since user abc does not have read permission on the file, the 'cat' command throws 
a Permission Denied error, but getfacl executes normally.

 
{code:java}
[abc@host ~]$ hdfs dfs -cat /tmp/a.txt
cat: Permission denied: user=abc, access=READ, inode="/tmp/a.txt":abc:hdfs:-rw-r--r--
[abc@host ~]$ hdfs dfs -getfacl /tmp/a.txt 
# file: /tmp/a.txt 
# owner:root 
# group: hdfs 
user::rw- 
user:abc:--- 
group::r-- 
mask::r-- 
other::r--
{code}
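
An added example, not part of the original report and not Hadoop's code: a simplified Python model of POSIX-style ACL evaluation, run over the getfacl output above, that shows why abc's effective permission is `---` and how the getfacl decision changes once READ is required. The function names and the `can_traverse` and `require_read` parameters are hypothetical.

```python
# Simplified model of POSIX-style ACL evaluation; not Hadoop's implementation.
GETFACL_OUTPUT = """\
# file: /tmp/a.txt
# owner: root
# group: hdfs
user::rw-
user:abc:---
group::r--
mask::r--
other::r--
"""  # the getfacl output from the report, whitespace normalised

def parse_getfacl(text):
    """Return (owner, group, entries); entries maps (kind, name) -> 'rwx' string."""
    meta, entries = {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line:
            kind, name, perms = line.split(":")
            entries[(kind, name)] = perms
    return meta["owner"], meta["group"], entries

def effective_perms(user, groups, text):
    """Select the ACL entry that applies to `user`; mask everything but owner/other."""
    owner, group, entries = parse_getfacl(text)
    mask = entries.get(("mask", ""), "rwx")
    def masked(perms):
        return "".join(p if p == m else "-" for p, m in zip(perms, mask))
    if user == owner:
        return entries[("user", "")]
    if ("user", user) in entries:           # a named-user entry wins over groups
        return masked(entries[("user", user)])
    matching = [p for (kind, name), p in entries.items()
                if kind == "group" and (name or group) in groups]
    if matching:                             # union of the user's group entries
        union = "".join(c if any(c in p for p in matching) else "-" for c in "rwx")
        return masked(union)
    return entries[("other", "")]

def getfacl_allowed(user, groups, text, can_traverse=True, require_read=True):
    """require_read=False models the reported behaviour, True the added READ check.
    can_traverse stands for EXECUTE on the parent directories (assumed granted)."""
    if not can_traverse:
        return False
    return not require_read or "r" in effective_perms(user, groups, text)
```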
 

 


