[
https://issues.apache.org/jira/browse/HDDS-7933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17730632#comment-17730632
]
George Jahad commented on HDDS-7933:
------------------------------------
Here is a complete working test case created by [~tejaskriya09] :
```
bash-4.2$ echo k1 > k1.orig
bash-4.2$ kinit -kt /etc/security/keytabs/om.keytab om/[email protected]
bash-4.2$ ozone sh volume create vol1
bash-4.2$ ozone sh bucket create -l OBJECT_STORE vol1/buck1
bash-4.2$ ozone sh volume addacl vol1 -a user:testuser2:a[DEFAULT]
ACL user:testuser2:a[DEFAULT] added successfully.
bash-4.2$ ozone sh bucket create -l OBJECT_STORE vol1/buck2
bash-4.2$ ozone sh bucket create -l OBJECT_STORE vol1/buck3
bash-4.2$ ozone sh bucket addacl vol1/buck3 -a user:testuser2:a[DEFAULT]
ACL user:testuser2:a[DEFAULT] added successfully.
bash-4.2$
bash-4.2$
bash-4.2$
bash-4.2$ ozone sh key put vol1/buck1/k1 k1.orig
bash-4.2$ ozone sh key put vol1/buck2/k1 k1.orig
bash-4.2$ ozone sh key put vol1/buck3/k1 k1.orig
bash-4.2$
bash-4.2$
bash-4.2$
bash-4.2$ ozone sh prefix addacl vol1/buck3/dir1/ -a user:testuser2:a[DEFAULT]
ACL user:testuser2:a[DEFAULT] added successfully.
bash-4.2$ ozone sh key put vol1/buck3/dir1/k1 k1.orig
bash-4.2$
bash-4.2$
bash-4.2$ kdestroy
bash-4.2$ kinit -kt /etc/security/keytabs/testuser2.keytab
testuser2/[email protected]
bash-4.2$ ozone sh key cat vol1/buck3/k1
k1
bash-4.2$ ozone sh key cat vol1/buck3/dir1/k1
k1
```
> Prefix ACL's are undocumented, (and don't seem to work.)
> --------------------------------------------------------
>
> Key: HDDS-7933
> URL: https://issues.apache.org/jira/browse/HDDS-7933
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: George Jahad
> Assignee: Tejaskriya Madhan
> Priority: Minor
> Attachments: Design Doc- Native ACL support for Ozone.pdf
>
>
> I have been unable to get prefix ACL's to work. (They are listed as an object
> type here: https://ozone.apache.org/docs/1.3.0/security/securityacls.html )
> Because they are undocumented I'm not sure if I'm doing something wrong or if
> they are just broken.
> It doesn't seem like anybody uses them, so it is fine with me if we just
> deprecate them.
> The only reason they came up is because I was adding support for native ACL's
> to snapshotting. I noticed them in the code and thought I should make sure
> they work for snapshots as well. But if no one is using them I won't bother.
> FYI: Here is how I tried to get them to work:
> https://gist.github.com/GeorgeJahad/7601d00278060264dc57b13e368c46f4
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
