[
https://issues.apache.org/jira/browse/HDFS-13038?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daryn Sharp resolved HDFS-13038.
--------------------------------
Resolution: Not A Problem
> User with no permission on file is able to run getfacl for that file
> --------------------------------------------------------------------
>
> Key: HDFS-13038
> URL: https://issues.apache.org/jira/browse/HDFS-13038
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Namit Maheshwari
> Assignee: Lokesh Jain
> Priority: Major
> Attachments: HDFS-13038.001.patch
>
>
> Currently any user with EXECUTE permission can run getfacl on a file or
> directory. This Jira adds a check for READ access of user on the inode path.
> {code:java}
> [root@host ~]$ hdfs dfs -copyFromLocal /etc/a.txt /tmp
> [root@host ~]$ hdfs dfs -setfacl -m user:abc:--- /tmp/a.txt
> {code}
> Since user abc does not have read permission on the file 'cat' command throws
> Permission Denied error but getfacl executes normally.
> {code:java}
> [abc@host ~]$ hdfs dfs -cat /tmp/a.txt
> cat: Permission denied: user=abc, access=READ,
> inode="/tmp/a.txt":abc:hdfs:-rw-r--r--
> [abc@host ~]$ hdfs dfs -getfacl /tmp/a.txt
> # file: /tmp/a.txt
> # owner:root
> # group: hdfs
> user::rw-
> user:abc:---
> group::r--
> mask::r--
> other::r--
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
