[ https://issues.apache.org/jira/browse/HDFS-5899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13896821#comment-13896821 ]
Colin Patrick McCabe commented on HDFS-5899:
--------------------------------------------
bq. dfs.permissions.enabled continues to work as expected, suppressing
permission checks if set to false, whether the permissions are defined via
permission bits or ACLs.
bq. The superuser is still immune to all permission checks, whether they come
from permission bits or ACLs.
bq. If ACLs are not in use, then permission checks go through the exact same
code path that we have in FSPermissionChecker today. We go down a separate path
only if the inode has an ACL.
That makes sense to me.
bq. When ACLs are disabled, all APIs related to ACLs will fail intentionally,
an fsimage containing an ACL will cause the NameNode to abort during startup,
and ACLs present in the edit log will cause the NameNode to abort.
bq. Existing ACLs never get wiped automatically. This recovery procedure is a
conscious decision by the cluster admin.
I agree that we should never wipe ACLs automatically. But what's the problem
with just not enforcing them when {{dfs.namenode.acls.enabled}} is false? Why
do we have to fail to start up? That seems like it will introduce problems for
admins.
bq. If ACLs accidentally crept into the fsimage or edits (i.e. accidentally
started with ACLs enabled, but now the admin wants to switch them off), then
the recovery procedure would be to restart with ACLs enabled, remove all ACLs,
save a new checkpoint, and then restart with ACLs disabled.
How do you propose that the admin do this?
> Add configuration flag to disable/enable support for ACLs.
> ----------------------------------------------------------
>
> Key: HDFS-5899
> URL: https://issues.apache.org/jira/browse/HDFS-5899
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode
> Affects Versions: HDFS ACLs (HDFS-4685)
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Fix For: HDFS ACLs (HDFS-4685)
>
> Attachments: HDFS-5899.1.patch, HDFS-5899.2.patch
>
>
> Add a new configuration property that allows administrators to toggle support
> for HDFS ACLs on/off. By default, the flag will be off. This is a
> conservative choice, and administrators interested in using ACLs can enable
> it explicitly.