Lokesh Jain created HDFS-13038:
----------------------------------

Summary: User with no permission on file is able to run getfacl for that file
Key: HDFS-13038
URL: https://issues.apache.org/jira/browse/HDFS-13038
Project: Hadoop HDFS
Issue Type: Bug
Reporter: Lokesh Jain
Assignee: Lokesh Jain

Currently any user with EXECUTE permission can run getfacl on a file or directory. This Jira adds a check for READ access of the user on the inode path.

{code:java}
[root@host ~]$ hdfs dfs -copyFromLocal /etc/a.txt /tmp
[root@host ~]$ hdfs dfs -setfacl -m user:abc:--- /tmp/a.txt
{code}

Since user abc does not have read permission on the file, the 'cat' command throws a Permission Denied error, but getfacl executes normally.

{code:java}
[abc@host ~]$ hdfs dfs -cat /tmp/a.txt
cat: Permission denied: user=abc, access=READ, inode="/tmp/a.txt":abc:hdfs:-rw-r--r--
[abc@host ~]$ hdfs dfs -getfacl /tmp/a.txt
# file: /tmp/a.txt
# owner:root
# group: hdfs
user::rw-
user:abc:---
group::r--
mask::r--
other::r--
{code}
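
The READ decision that the report says getfacl skips, as an added example that is not part of the original message and is not Hadoop code: a simplified model of the ACL evaluation order given in the HDFS permissions guide (owner, named user, group entries filtered by the mask, other), run over the getfacl output quoted above. The names `parse_getfacl` and `allowed` are hypothetical.

```python
# Constructed sample: the getfacl output quoted in the report above.
GETFACL = """\
# file: /tmp/a.txt
# owner:root
# group: hdfs
user::rw-
user:abc:---
group::r--
mask::r--
other::r--
"""

def parse_getfacl(text):
    """Return (metadata dict, list of (type, name, perms)) from getfacl output."""
    meta, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line:
            entries.append(tuple(line.split(":")))
    return meta, entries

def allowed(meta, entries, user, groups, want):
    """Simplified check of 'r', 'w' or 'x'; default entries, superuser and ancestor traversal are not modelled."""
    mask = next((p for k, n, p in entries if k == "mask"), None)
    def grants(perms, masked=True):
        eff = perms
        if masked and mask is not None:  # mask filters named-user and group entries
            eff = "".join(p if p == m else "-" for p, m in zip(perms, mask))
        return want in eff
    if user == meta["owner"]:
        return grants(next(p for k, n, p in entries if k == "user" and n == ""), masked=False)
    for k, n, p in entries:
        if k == "user" and n == user:  # a named-user entry wins over group and other
            return grants(p)
    group_hits = [p for k, n, p in entries if k == "group" and (n or meta["group"]) in groups]
    if group_hits:
        return any(grants(p) for p in group_hits)
    return grants(next(p for k, n, p in entries if k == "other"), masked=False)

META, ENTRIES = parse_getfacl(GETFACL)
print("abc READ allowed:", allowed(META, ENTRIES, "abc", ["abc"], "r"))
```

The named-user entry `user:abc:---` is matched before `other::r--` is ever considered, which is why `cat` is denied for abc; a getfacl gated on the same READ check would be denied for the same reason.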