[ https://issues.apache.org/jira/browse/HDDS-4715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712784#comment-17712784 ]

Hongbing Wang commented on HDDS-4715:
-------------------------------------

I tested some typical behaviors by script to verify that the src and link buckets
share ACLs. For more ACL verification, see `links.robot` in the patch.
{code:bash}
#[admin user] [setup]
vol=vol-$RANDOM; echo "vol=$vol"
export HADOOP_USER_NAME=hadoop
ozone sh vol create $vol
ozone sh vol create ${vol}-link
ozone sh bucket create $vol/buk1 
ozone sh bucket link $vol/buk1 ${vol}-link/buk1-link 
ozone sh vol addacl -a=user:testuser:r $vol
ozone sh vol addacl -a=user:testuser:r ${vol}-link

#[testuser]
export HADOOP_USER_NAME=testuser
ozone sh key put $vol/buk1/key1 /etc/hosts               # expect: PERMISSION_DENIED
ozone sh key put ${vol}-link/buk1-link/key1 /etc/hosts   # expect: PERMISSION_DENIED

#[admin user] [src acl]
export HADOOP_USER_NAME=hadoop
ozone sh bucket addacl -a=user:testuser:rw $vol/buk1

#[testuser]
export HADOOP_USER_NAME=testuser
ozone sh key put $vol/buk1/key1 /etc/hosts               # expect: pass
ozone sh key put ${vol}-link/buk1-link/key1 /etc/hosts   # expect: pass

#[admin user] [target acl]
export HADOOP_USER_NAME=hadoop
ozone sh bucket removeacl -a=user:testuser:w $vol/buk1

#[testuser]
export HADOOP_USER_NAME=testuser
ozone sh key put $vol/buk1/key1 /etc/hosts               # expect: PERMISSION_DENIED
ozone sh key put ${vol}-link/buk1-link/key1 /etc/hosts   # expect: PERMISSION_DENIED
ozone sh key ls $vol/buk1                                # expect: pass
ozone sh key ls ${vol}-link/buk1-link                    # expect: pass
{code}

> ACL on link bucket
> ------------------
>
>                 Key: HDDS-4715
>                 URL: https://issues.apache.org/jira/browse/HDDS-4715
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: Sammi Chen
>            Assignee: Hongbing Wang
>            Priority: Major
>              Labels: pull-request-available
>
> In the current native ACL implementation, the ACL is set on the link bucket. It
> should be set on the source bucket instead.
> Refer to soft links in the Linux FS: generally, permission is added to the
> target file instead of the soft link itself.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
