[jira] [Commented] (HDFS-4685) Implementation of ACLs in HDFS

Wed, 18 Dec 2013 15:25:04 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-4685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13852294#comment-13852294
 ] 

Chris Nauroth commented on HDFS-4685:
-------------------------------------

I can loop back now on the question of using inode features vs. the custom data 
structure I described in the design doc.

The patch in HDFS-5658 implements the feature approach.  Development on this 
has come together much more quickly than the custom approach that I was 
starting in HDFS-5595.  In the final analysis, the custom approach is more 
compact than the feature approach, at least for the first 64511 distinct ACLs 
in a namesystem, which can be referenced via reuse of unused space in the 
permission bits.  Beyond that number, the savings vanish, because we need to 
start involving the INode ACL Map as an external data structure with per-inode 
pointer overhead.  The custom approach requires much more complex code compared 
to the feature approach.

At this point, the plan is to go with the feature approach.  Most importantly, 
the feature approach still has the characteristic that people who don't use 
ACLs at all won't take any extra per-inode memory hit in their deployments.  We 
can keep the design doc for the custom approach here as a back-pocket idea if 
we find we really need it, but at this point it would likely be premature 
optimization.

In the next revision of the design doc, I'll make the changes to state that 
this is implemented as an inode feature.

> Implementation of ACLs in HDFS
> ------------------------------
>
>                 Key: HDFS-4685
>                 URL: https://issues.apache.org/jira/browse/HDFS-4685
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: hdfs-client, namenode, security
>    Affects Versions: 1.1.2
>            Reporter: Sachin Jose
>            Assignee: Chris Nauroth
>         Attachments: HDFS-ACLs-Design-1.pdf
>
>
> Currenly hdfs doesn't support Extended file ACL. In unix extended ACL can be 
> achieved using getfacl and setfacl utilities. Is there anybody working on 
> this feature ?



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Reply via email to