[ 
https://issues.apache.org/jira/browse/HDFS-6570?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Chris Nauroth updated HDFS-6570:
--------------------------------

    Attachment: HDFS-6570-prototype.1.patch

I'm attaching a prototype patch that defines the new API in {{FileSystem}}, 
{{FileContext}} and {{AbstractFileSystem}}.  To maintain compatibility for 
existing subclasses, I've provided a base class implementation that calls 
{{getFileStatus}} and then does the typical POSIX permissions check.  Any file 
system that supports a richer permissions model would override this logic in 
its subclass.

[~thejas], would you please review the API definition in {{FileSystem}}?  I'd 
like to make sure this meets the needs of Hive before we proceed with full 
implementation in HDFS and WebHDFS.  Thanks!

> add api that enables checking if a user has certain permissions on a file
> -------------------------------------------------------------------------
>
>                 Key: HDFS-6570
>                 URL: https://issues.apache.org/jira/browse/HDFS-6570
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Thejas M Nair
>            Assignee: Chris Nauroth
>         Attachments: HDFS-6570-prototype.1.patch
>
>
> For some of the authorization modes in Hive, the servers in Hive check if a 
> given user has permissions on a certain file or directory. For example, the 
> storage based authorization mode allows hive table metadata to be modified 
> only when the user has access to the corresponding table directory on hdfs. 
> There are likely to be such use cases outside of Hive as well.
> HDFS does not provide an api for such checks. As a result, the logic to check 
> if a user has permissions on a directory gets replicated in Hive. This 
> results in duplicate logic and introduces possibilities for 
> inconsistencies in the interpretation of the permission model. This becomes a 
> bigger problem with the complexity of ACL logic.
> HDFS should provide an api that provides functionality that is similar to 
> access function in unistd.h - http://linux.die.net/man/2/access .



--
This message was sent by Atlassian JIRA
(v6.2#6252)
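
The base-class check described in the comment above, sketched as an added example (not part of the original message or the attached patch): it models the owner, group and mode that {{getFileStatus}} would return as plain values and applies the POSIX class-selection rule. PosixAccessCheck, Stat and permits are hypothetical names, and ACLs and superuser handling are not modelled.

```java
import java.util.Set;

// Added illustration of a "typical POSIX permissions check" on plain values.
// PosixAccessCheck, Stat and permits are hypothetical names, not Hadoop APIs.
public class PosixAccessCheck {
    static final int READ = 4, WRITE = 2, EXECUTE = 1;

    // Stand-in for the owner, group and mode a getFileStatus call would return.
    record Stat(String owner, String group, int mode) {}

    // Returns true when every bit in `requested` is granted to the user.
    static boolean permits(Stat st, String user, Set<String> groups, int requested) {
        int bits;
        if (user.equals(st.owner())) {
            bits = (st.mode() >> 6) & 7;   // owner class
        } else if (groups.contains(st.group())) {
            bits = (st.mode() >> 3) & 7;   // group class
        } else {
            bits = st.mode() & 7;          // other class
        }
        // Exactly one class is consulted; a denial there is final and the
        // remaining classes are never used as a fallback.
        return (bits & requested) == requested;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the issue.
        Stat tableDir = new Stat("hive", "analysts", 0750);
        Stat ownerLocked = new Stat("alice", "analysts", 0077);
        Set<String> analysts = Set.of("analysts");

        System.out.println("owner rw on 0750:  "
            + permits(tableDir, "hive", Set.of(), READ | WRITE));
        System.out.println("group rx on 0750:  "
            + permits(tableDir, "bob", analysts, READ | EXECUTE));
        System.out.println("group w on 0750:   "
            + permits(tableDir, "bob", analysts, WRITE));
        System.out.println("other r on 0750:   "
            + permits(tableDir, "eve", Set.of(), READ));
        // alice owns the file and is also in its group; only the owner
        // class (no bits set) applies to her.
        System.out.println("owner r on 0077:   "
            + permits(ownerLocked, "alice", analysts, READ));
    }
}
```

The last case is the kind of interpretation detail the issue description is concerned about: a reimplementation that falls through from owner to group to other would grant access where the single-class rule denies it.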
