[ https://issues.apache.org/jira/browse/HDFS-4685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839104#comment-13839104 ]

Chris Nauroth commented on HDFS-4685:
-------------------------------------

1. Yes, extended attributes or labels would need to be added later as a 
separate feature.  If we ever decide to do that, then I expect a lot of the 
implementation details of ACLs could be generalized and lifted into the 
implementation of extended attributes.  (For example, I expect copy-on-write 
and the other storage optimizations discussed in the Persistence section would 
be applicable to an implementation of extended attributes too.)  The choice of 
which authorization mechanism to use (permission bits, ACLs, or ABAC if we ever 
implement it) is left to the end user.  If management of multiple mechanisms 
creates complexity, then the deployment may choose to use just one or the other 
exclusively.

2. The file owner is allowed to call setfacl.  Any user with read permissions 
on the file is allowed to call getfacl.  Additionally, the HDFS super-user is 
allowed to call setfacl and getfacl on any file.  This is equivalent to the 
current state of affairs with permission bits.  I'll add some text about this 
in the next revision of the design doc.  Thanks!


> Implementation of ACLs in HDFS
> ------------------------------
>
>                 Key: HDFS-4685
>                 URL: https://issues.apache.org/jira/browse/HDFS-4685
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: hdfs-client, namenode, security
>    Affects Versions: 1.1.2
>            Reporter: Sachin Jose
>            Assignee: Chris Nauroth
>         Attachments: HDFS-ACLs-Design-1.pdf
>
>
> Currently hdfs doesn't support Extended file ACL. In unix extended ACL can be 
> achieved using getfacl and setfacl utilities. Is there anybody working on 
> this feature?



--
This message was sent by Atlassian JIRA
(v6.1#6144)
