[jira] [Commented] (HDFS-5117) Allow the owner of an HDFS path to be a group

Wed, 21 Aug 2013 18:34:14 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-5117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13747138#comment-13747138
 ] 

Colin Patrick McCabe commented on HDFS-5117:
--------------------------------------------

OK, I can see that you want two groups.  I missed that when reading the 
original description.  Sorry.  Still, I think you can accomplish this without 
any code changes.

Create two groups: "readers" and "writers."

Then if you have a directory structure like this: /items/file

You set /items to have group = readers, mode = 750, and /items/file to have 
group = writers, mode = 754.

Users not in readers cannot access the file.  Users in readers but not in 
writers can see the file, but not access it.  Users in writers can write to the 
file.

We are going to implement ACLs at some point (see HDFS-4685).  I think that it 
would be better to implement real ACLs than add hacks, since we'll have to 
maintain them going forward.
                
> Allow the owner of an HDFS path to be a group
> ---------------------------------------------
>
>                 Key: HDFS-5117
>                 URL: https://issues.apache.org/jira/browse/HDFS-5117
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: hdfs-client
>            Reporter: Ryan Hennig
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> At eBay, we have the need to associate some HDFS paths with a set of users 
> with write access, a set of users with read-only access, and neither read or 
> write to others.
> The current model of POSIX-style permissions is nearly sufficient for this, 
> except for the need of multiple writers.
> One easy fix would be to allow the owner of a path to be a group, and then 
> grant owner permissions to all members of that group.  I have verified that 
> HDP 1.3 allows you to set the owner of a path to a group without error, but 
> the owner permissions of that group are not given to members of the group.
> I've created a relatively simple fix for this by modifying the "check" method 
> in src/hdfs/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java 
> and I am working on related changes to unit tests etc now.
> - Ryan

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to