whbing commented on PR #4738:
URL: https://github.com/apache/ozone/pull/4738#issuecomment-1632665313

   > > **Currently implemented logic**: all node(dir/file) has its owner acls as well as inherited acls.
   > > The logic of acl inheritance is as follows
   > > ```
   > > 1. `FSO`: subdir or leaf file inherit direct parent's DEFAULT acl, subdir keeps DEFAULT scope and file keeps ACCESS scope
   > > 
   > > 2. `LEGACY`: subdir (endwith /) inherit direct parent's DEFAULT acl and keeps DEFAULT scope, leaf file inherit bucket DEFAULT acls (because can't get the parent info temporarily, maybe can optimize it in subsequent PR)
   > > 
   > > 3. `OBS`: no dir, inherit from bucket DEFAULT acls.
   > > ```
   > 
   > @whbing , it's good to have a summary here. I have one question about "LEGACY" bucket. Say there are two subdirs under bucket1, one is dir1/, another is dir1/dir2/. Bucket has one DEFAULT ACL1, dir1/ has one DEFAULT ACL2 (prefix ACL), will dir1/dir2/ inherit both ACL1 and ACL2?
   
   I think it is:
   
   1. FSO or Legacy with EnableFileSystem: inherit the **latest parent** dir's DEFAULT acls. If latest parent dir has no DEFAULT acls, just inherit bucket acls and the ancestor is not traced.
   2. OBS or Legacy with DisableFileSystem: inherit the **bucket** DEFAULT acls.
   
   How about that logic?
   The relevant code is in: `OMKeyRequest#getAclsForKey` and `OMKeyRequest#getAclsForDir`
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
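
The rule proposed in this comment, modeled as an added example (not Ozone code and not part of the PR) and applied to the dir1/dir2/ question. The `Acl` type, the function names and the sample ACLs are constructed, and "bucket acls" in the fallback is assumed to mean the bucket's DEFAULT ACLs.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Acl:  # hypothetical stand-in, not an Ozone class
    principal: str
    rights: str
    scope: str  # "DEFAULT" or "ACCESS"

def default_acls(acls):
    """Only DEFAULT-scoped entries are candidates for inheritance."""
    return [a for a in acls if a.scope == "DEFAULT"]

def direct_parent(key):
    """'dir1/dir2/' -> 'dir1/', 'dir1/f' -> 'dir1/', 'dir1/' -> None (bucket)."""
    head = key.rstrip("/").rpartition("/")[0]
    return head + "/" if head else None

def inheritance_source(key, bucket_acls, dir_acls, fs_enabled):
    """Return the DEFAULT ACLs a new key inherits under the proposed rule.

    dir_acls maps an existing directory path to its ACL list.
    fs_enabled is True for FSO or LEGACY with the file system enabled,
    False for OBS or LEGACY with it disabled.
    Scope rewriting on the new key (DEFAULT for a subdir, ACCESS for a
    file) is not modeled here; only the choice of source is.
    """
    if fs_enabled:
        parent = direct_parent(key)
        from_parent = default_acls(dir_acls.get(parent, [])) if parent else []
        if from_parent:
            return from_parent  # nearest parent wins
    # Fallback: bucket DEFAULT ACLs; higher ancestors are not consulted.
    return default_acls(bucket_acls)

# Constructed sample data matching the reviewer's scenario.
ACL1 = Acl("user:alice", "rw", "DEFAULT")   # set on bucket1
ACL2 = Acl("group:ops", "r", "DEFAULT")     # set on dir1/
ACCESS_ONLY = Acl("user:bob", "r", "ACCESS")

if __name__ == "__main__":
    dirs = {"dir1/": [ACL2], "dir1/dir2/": [ACCESS_ONLY]}
    for key, fs in [("dir1/dir2/", True), ("dir1/dir2/", False),
                    ("dir1/dir2/dir3/", True)]:
        print(key, fs, inheritance_source(key, [ACL1], dirs, fs))
```

In this model dir1/dir2/ receives ACL2 only when the file system is enabled and ACL1 only when it is disabled, never both. A directory whose parent carries no DEFAULT entries falls straight back to the bucket, so a restriction placed two levels up is not applied.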
