[jira] [Updated] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
[
https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lei (Eddy) Xu updated HDFS-13170:
-
Fix Version/s: (was: 3.0.2)
3.0.3
> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---
>
> Key: HDFS-13170
> URL: https://issues.apache.org/jira/browse/HDFS-13170
> Project: Hadoop HDFS
> Issue Type: Improvement
>Affects Versions: 3.0.0-alpha2
>Reporter: Stephen O'Donnell
>Assignee: Stephen O'Donnell
>Priority: Major
> Fix For: 3.1.0, 3.0.3
>
> Attachments: HDFS-13170.001.patch, HDFS-13170.002.patch,
> HDFS-13170.003.patch, HDFS-13170.004.patch
>
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly
> applied to files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent
> directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result
> is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:r--
> user:user2:rwx #effective:r--
> group::r-x #effective:r--
> group:users:rwx #effective:r--
> mask::r--
> other::r--
> {code}
> And if you enable this, to fix the bug above, the result is as you would
> expect:
> {code}
> # file: /test_acl/file_from_shell
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:rw-
> user:user2:rwx #effective:rw-
> group::r-x #effective:r--
> group:users:rwx #effective:rw-
> mask::rw-
> other::r--
> {code}
> If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
> as above:
> {code}
> # file: /test_acl/default_permissions
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx #effective:r-x
> user:user2:rwx #effective:r-x
> group::r-x
> group:users:rwx #effective:r-x
> mask::r-x
> other::r-x
> {code}
> Notice the mask is set to r-x and this remove the write permission on the new
> file.
> As part of HDFS-6962 a new parameter was added to webhdfs
> 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the
> same behaviour as when a file is written from the CLI:
> {code}
> curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
> "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
> # file: /test_acl/unmasked__770
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::---
> {code}
> However, this parameter was never ported to HTTPFS.
> This Jira is to replicate the same changes to HTTPFS so this parameter is
> available there too.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
[
https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiao Chen updated HDFS-13170:
-
Resolution: Fixed
Hadoop Flags: Reviewed
Fix Version/s: 3.0.2
3.1.0
Status: Resolved (was: Patch Available)
Committed to trunk, branch-3.1 and branch-3.0.
Thanks for the contribution [~sodonnell]!
> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---
>
> Key: HDFS-13170
> URL: https://issues.apache.org/jira/browse/HDFS-13170
> Project: Hadoop HDFS
> Issue Type: Improvement
>Affects Versions: 3.0.0-alpha2
>Reporter: Stephen O'Donnell
>Assignee: Stephen O'Donnell
>Priority: Major
> Fix For: 3.1.0, 3.0.2
>
> Attachments: HDFS-13170.001.patch, HDFS-13170.002.patch,
> HDFS-13170.003.patch, HDFS-13170.004.patch
>
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly
> applied to files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent
> directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result
> is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:r--
> user:user2:rwx #effective:r--
> group::r-x #effective:r--
> group:users:rwx #effective:r--
> mask::r--
> other::r--
> {code}
> And if you enable this, to fix the bug above, the result is as you would
> expect:
> {code}
> # file: /test_acl/file_from_shell
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:rw-
> user:user2:rwx #effective:rw-
> group::r-x #effective:r--
> group:users:rwx #effective:rw-
> mask::rw-
> other::r--
> {code}
> If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
> as above:
> {code}
> # file: /test_acl/default_permissions
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx #effective:r-x
> user:user2:rwx #effective:r-x
> group::r-x
> group:users:rwx #effective:r-x
> mask::r-x
> other::r-x
> {code}
> Notice the mask is set to r-x and this remove the write permission on the new
> file.
> As part of HDFS-6962 a new parameter was added to webhdfs
> 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the
> same behaviour as when a file is written from the CLI:
> {code}
> curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
> "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
> # file: /test_acl/unmasked__770
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::---
> {code}
> However, this parameter was never ported to HTTPFS.
> This Jira is to replicate the same changes to HTTPFS so this parameter is
> available there too.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
[
https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen O'Donnell updated HDFS-13170:
-
Attachment: HDFS-13170.004.patch
> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---
>
> Key: HDFS-13170
> URL: https://issues.apache.org/jira/browse/HDFS-13170
> Project: Hadoop HDFS
> Issue Type: Improvement
>Affects Versions: 3.0.0-alpha2
>Reporter: Stephen O'Donnell
>Assignee: Stephen O'Donnell
>Priority: Major
> Attachments: HDFS-13170.001.patch, HDFS-13170.002.patch,
> HDFS-13170.003.patch, HDFS-13170.004.patch
>
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly
> applied to files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent
> directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result
> is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:r--
> user:user2:rwx #effective:r--
> group::r-x #effective:r--
> group:users:rwx #effective:r--
> mask::r--
> other::r--
> {code}
> And if you enable this, to fix the bug above, the result is as you would
> expect:
> {code}
> # file: /test_acl/file_from_shell
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:rw-
> user:user2:rwx #effective:rw-
> group::r-x #effective:r--
> group:users:rwx #effective:rw-
> mask::rw-
> other::r--
> {code}
> If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
> as above:
> {code}
> # file: /test_acl/default_permissions
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx #effective:r-x
> user:user2:rwx #effective:r-x
> group::r-x
> group:users:rwx #effective:r-x
> mask::r-x
> other::r-x
> {code}
> Notice the mask is set to r-x and this remove the write permission on the new
> file.
> As part of HDFS-6962 a new parameter was added to webhdfs
> 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the
> same behaviour as when a file is written from the CLI:
> {code}
> curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
> "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
> # file: /test_acl/unmasked__770
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::---
> {code}
> However, this parameter was never ported to HTTPFS.
> This Jira is to replicate the same changes to HTTPFS so this parameter is
> available there too.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
[
https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen O'Donnell updated HDFS-13170:
-
Attachment: HDFS-13170.003.patch
> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---
>
> Key: HDFS-13170
> URL: https://issues.apache.org/jira/browse/HDFS-13170
> Project: Hadoop HDFS
> Issue Type: Improvement
>Affects Versions: 3.0.0-alpha2
>Reporter: Stephen O'Donnell
>Assignee: Stephen O'Donnell
>Priority: Major
> Attachments: HDFS-13170.001.patch, HDFS-13170.002.patch,
> HDFS-13170.003.patch
>
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly
> applied to files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent
> directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result
> is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:r--
> user:user2:rwx #effective:r--
> group::r-x #effective:r--
> group:users:rwx #effective:r--
> mask::r--
> other::r--
> {code}
> And if you enable this, to fix the bug above, the result is as you would
> expect:
> {code}
> # file: /test_acl/file_from_shell
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:rw-
> user:user2:rwx #effective:rw-
> group::r-x #effective:r--
> group:users:rwx #effective:rw-
> mask::rw-
> other::r--
> {code}
> If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
> as above:
> {code}
> # file: /test_acl/default_permissions
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx #effective:r-x
> user:user2:rwx #effective:r-x
> group::r-x
> group:users:rwx #effective:r-x
> mask::r-x
> other::r-x
> {code}
> Notice the mask is set to r-x and this remove the write permission on the new
> file.
> As part of HDFS-6962 a new parameter was added to webhdfs
> 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the
> same behaviour as when a file is written from the CLI:
> {code}
> curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
> "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
> # file: /test_acl/unmasked__770
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::---
> {code}
> However, this parameter was never ported to HTTPFS.
> This Jira is to replicate the same changes to HTTPFS so this parameter is
> available there too.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
[
https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiao Chen updated HDFS-13170:
-
Affects Version/s: (was: 3.2.0)
3.0.0-alpha2
> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---
>
> Key: HDFS-13170
> URL: https://issues.apache.org/jira/browse/HDFS-13170
> Project: Hadoop HDFS
> Issue Type: Improvement
>Affects Versions: 3.0.0-alpha2
>Reporter: Stephen O'Donnell
>Assignee: Stephen O'Donnell
>Priority: Major
> Attachments: HDFS-13170.001.patch, HDFS-13170.002.patch
>
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly
> applied to files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent
> directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result
> is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:r--
> user:user2:rwx #effective:r--
> group::r-x #effective:r--
> group:users:rwx #effective:r--
> mask::r--
> other::r--
> {code}
> And if you enable this, to fix the bug above, the result is as you would
> expect:
> {code}
> # file: /test_acl/file_from_shell
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:rw-
> user:user2:rwx #effective:rw-
> group::r-x #effective:r--
> group:users:rwx #effective:rw-
> mask::rw-
> other::r--
> {code}
> If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
> as above:
> {code}
> # file: /test_acl/default_permissions
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx #effective:r-x
> user:user2:rwx #effective:r-x
> group::r-x
> group:users:rwx #effective:r-x
> mask::r-x
> other::r-x
> {code}
> Notice the mask is set to r-x and this remove the write permission on the new
> file.
> As part of HDFS-6962 a new parameter was added to webhdfs
> 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the
> same behaviour as when a file is written from the CLI:
> {code}
> curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
> "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
> # file: /test_acl/unmasked__770
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::---
> {code}
> However, this parameter was never ported to HTTPFS.
> This Jira is to replicate the same changes to HTTPFS so this parameter is
> available there too.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
[
https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen O'Donnell updated HDFS-13170:
-
Attachment: HDFS-13170.002.patch
> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---
>
> Key: HDFS-13170
> URL: https://issues.apache.org/jira/browse/HDFS-13170
> Project: Hadoop HDFS
> Issue Type: Improvement
>Affects Versions: 3.2.0
>Reporter: Stephen O'Donnell
>Assignee: Stephen O'Donnell
>Priority: Major
> Attachments: HDFS-13170.001.patch, HDFS-13170.002.patch
>
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly
> applied to files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent
> directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result
> is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:r--
> user:user2:rwx #effective:r--
> group::r-x #effective:r--
> group:users:rwx #effective:r--
> mask::r--
> other::r--
> {code}
> And if you enable this, to fix the bug above, the result is as you would
> expect:
> {code}
> # file: /test_acl/file_from_shell
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:rw-
> user:user2:rwx #effective:rw-
> group::r-x #effective:r--
> group:users:rwx #effective:rw-
> mask::rw-
> other::r--
> {code}
> If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
> as above:
> {code}
> # file: /test_acl/default_permissions
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx #effective:r-x
> user:user2:rwx #effective:r-x
> group::r-x
> group:users:rwx #effective:r-x
> mask::r-x
> other::r-x
> {code}
> Notice the mask is set to r-x and this remove the write permission on the new
> file.
> As part of HDFS-6962 a new parameter was added to webhdfs
> 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the
> same behaviour as when a file is written from the CLI:
> {code}
> curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
> "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
> # file: /test_acl/unmasked__770
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::---
> {code}
> However, this parameter was never ported to HTTPFS.
> This Jira is to replicate the same changes to HTTPFS so this parameter is
> available there too.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
[
https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen O'Donnell updated HDFS-13170:
-
Affects Version/s: 3.2.0
Status: Patch Available (was: Open)
> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---
>
> Key: HDFS-13170
> URL: https://issues.apache.org/jira/browse/HDFS-13170
> Project: Hadoop HDFS
> Issue Type: Improvement
>Affects Versions: 3.2.0
>Reporter: Stephen O'Donnell
>Assignee: Stephen O'Donnell
>Priority: Major
> Attachments: HDFS-13170.001.patch
>
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly
> applied to files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent
> directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result
> is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:r--
> user:user2:rwx #effective:r--
> group::r-x #effective:r--
> group:users:rwx #effective:r--
> mask::r--
> other::r--
> {code}
> And if you enable this, to fix the bug above, the result is as you would
> expect:
> {code}
> # file: /test_acl/file_from_shell
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:rw-
> user:user2:rwx #effective:rw-
> group::r-x #effective:r--
> group:users:rwx #effective:rw-
> mask::rw-
> other::r--
> {code}
> If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
> as above:
> {code}
> # file: /test_acl/default_permissions
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx #effective:r-x
> user:user2:rwx #effective:r-x
> group::r-x
> group:users:rwx #effective:r-x
> mask::r-x
> other::r-x
> {code}
> Notice the mask is set to r-x and this remove the write permission on the new
> file.
> As part of HDFS-6962 a new parameter was added to webhdfs
> 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the
> same behaviour as when a file is written from the CLI:
> {code}
> curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
> "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
> # file: /test_acl/unmasked__770
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::---
> {code}
> However, this parameter was never ported to HTTPFS.
> This Jira is to replicate the same changes to HTTPFS so this parameter is
> available there too.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
[
https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen O'Donnell updated HDFS-13170:
-
Attachment: HDFS-13170.001.patch
> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---
>
> Key: HDFS-13170
> URL: https://issues.apache.org/jira/browse/HDFS-13170
> Project: Hadoop HDFS
> Issue Type: Improvement
>Reporter: Stephen O'Donnell
>Assignee: Stephen O'Donnell
>Priority: Major
> Attachments: HDFS-13170.001.patch
>
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly
> applied to files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent
> directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result
> is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:r--
> user:user2:rwx #effective:r--
> group::r-x #effective:r--
> group:users:rwx #effective:r--
> mask::r--
> other::r--
> {code}
> And if you enable this, to fix the bug above, the result is as you would
> expect:
> {code}
> # file: /test_acl/file_from_shell
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx #effective:rw-
> user:user2:rwx #effective:rw-
> group::r-x #effective:r--
> group:users:rwx #effective:rw-
> mask::rw-
> other::r--
> {code}
> If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
> as above:
> {code}
> # file: /test_acl/default_permissions
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx #effective:r-x
> user:user2:rwx #effective:r-x
> group::r-x
> group:users:rwx #effective:r-x
> mask::r-x
> other::r-x
> {code}
> Notice the mask is set to r-x and this remove the write permission on the new
> file.
> As part of HDFS-6962 a new parameter was added to webhdfs
> 'unmaskedpermission'. By passing it to a webhdfs call, it can result in the
> same behaviour as when a file is written from the CLI:
> {code}
> curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
> "http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
> # file: /test_acl/unmasked__770
> # owner: user1
> # group: supergroup
> user::rwx
> user:user1:rwx
> user:user2:rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::---
> {code}
> However, this parameter was never ported to HTTPFS.
> This Jira is to replicate the same changes to HTTPFS so this parameter is
> available there too.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
[jira] [Updated] (HDFS-13170) Port webhdfs unmaskedpermission parameter to HTTPFS
[
https://issues.apache.org/jira/browse/HDFS-13170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen O'Donnell updated HDFS-13170:
-
Description:
HDFS-6962 fixed a long standing issue where default ACLs are not correctly
applied to files when they are created from the hadoop shell.
With this change, if you create a file with default ACLs against the parent
directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result is:
{code}
# file: /test_acl/file_from_shell_off
# owner: user1
# group: supergroup
user::rw-
user:user1:rwx #effective:r--
user:user2:rwx #effective:r--
group::r-x #effective:r--
group:users:rwx #effective:r--
mask::r--
other::r--
{code}
And if you enable this, to fix the bug above, the result is as you would expect:
{code}
# file: /test_acl/file_from_shell
# owner: user1
# group: supergroup
user::rw-
user:user1:rwx #effective:rw-
user:user2:rwx #effective:rw-
group::r-x #effective:r--
group:users:rwx #effective:rw-
mask::rw-
other::r--
{code}
If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
as above:
{code}
# file: /test_acl/default_permissions
# owner: user1
# group: supergroup
user::rwx
user:user1:rwx #effective:r-x
user:user2:rwx #effective:r-x
group::r-x
group:users:rwx #effective:r-x
mask::r-x
other::r-x
{code}
Notice the mask is set to r-x and this remove the write permission on the new
file.
As part of HDFS-6962 a new parameter was added to webhdfs 'unmaskedpermission'.
By passing it to a webhdfs call, it can result in the same behaviour as when a
file is written from the CLI:
{code}
curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
"http://namenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
# file: /test_acl/unmasked__770
# owner: user1
# group: supergroup
user::rwx
user:user1:rwx
user:user2:rwx
group::r-x
group:users:rwx
mask::rwx
other::---
{code}
However, this parameter was never ported to HTTPFS.
This Jira is to replicate the same changes to HTTPFS so this parameter is
available there too.
was:
HDFS-6962 fixed a long standing issue where default ACLs are not correctly
applied to files when they are created from the hadoop shell.
With this change, if you create a file with default ACLs against the parent
directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result is:
{code}
# file: /test_acl/file_from_shell_off
# owner: user1
# group: supergroup
user::rw-
user:user1:rwx #effective:r--
user:user2:rwx #effective:r--
group::r-x #effective:r--
group:users:rwx #effective:r--
mask::r--
other::r--
{code}
And if you enable this, to fix the bug above, the result is as you would expect:
{code}
# file: /test_acl/file_from_shell
# owner: user1
# group: supergroup
user::rw-
user:user1:rwx #effective:rw-
user:user2:rwx #effective:rw-
group::r-x #effective:r--
group:users:rwx #effective:rw-
mask::rw-
other::r--
{code}
If I then create a file over HTTPFS or webHDFS, the behaviour is not the same
as above:
{code}
# file: /test_acl/default_permissions
# owner: user1
# group: supergroup
user::rwx
user:user1:rwx #effective:r-x
user:user2:rwx #effective:r-x
group::r-x
group:users:rwx #effective:r-x
mask::r-x
other::r-x
{code}
Notice the mask is set to r-x and this remove the write permission on the new
file.
As part of HDFS-6962 a new parameter was added to webhdfs 'unmaskedpermission'.
By passing it to a webhdfs call, it can result in the same behaviour as when a
file is written from the CLI:
{code}
curl -i -X PUT -T test.txt --header "Content-Type:application/octet-stream"
"http://host-10-17-103-28.coe.cloudera.comnamenode:50075/webhdfs/v1/test_acl/unmasked__770?op=CREATE=user1=namenode:8020=false=770;
# file: /test_acl/unmasked__770
# owner: user1
# group: supergroup
user::rwx
user:user1:rwx
user:user2:rwx
group::r-x
group:users:rwx
mask::rwx
other::---
{code}
However, this parameter was never ported to HTTPFS.
This Jira is to replicate the same changes to HTTPFS so this parameter is
available there too.
> Port webhdfs unmaskedpermission parameter to HTTPFS
> ---
>
> Key: HDFS-13170
> URL: https://issues.apache.org/jira/browse/HDFS-13170
> Project: Hadoop HDFS
> Issue Type: Improvement
>Reporter: Stephen O'Donnell
>Priority: Major
>
> HDFS-6962 fixed a long standing issue where default ACLs are not correctly
> applied to files when they are created from the hadoop shell.
> With this change, if you create a file with default ACLs against the parent
> directory, with dfs.namenode.posix.acl.inheritance.enabled=false, the result
> is:
> {code}
> # file: /test_acl/file_from_shell_off
> # owner: user1
> # group: supergroup
> user::rw-
> user:user1:rwx
