[VOTE] Merge HDFS-4685 HDFS ACLs to trunk

[Chris Nauroth <cn...@hortonworks.com>]

Hello everyone,

I would like to call a vote to merge HDFS ACLs from branch HDFS-4685 to
trunk.

HDFS ACLs provide support for finer-grained permissions on files than what
users can express today using traditional Unix permission bits.  An ACL
(Access Control List) consists of a set of ACL entries.  Each ACL entry
names a specific user or group and grants or denies read, write and execute
permissions for that specific user or group.

Development of this feature has been tracked in issue HDFS-4685:
https://issues.apache.org/jira/browse/HDFS-4685

The current design document is available here:
https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf

All development work has been committed to the HDFS-4685 feature branch:
http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/

We're currently working on resolving conflicts with the fsimage protobuf
merge, and we expect to complete that work soon.

The feature is backwards-compatible.  By default, the feature is disabled.
 A cluster administrator must enable support for ACLs in configuration.
 There is no impact to existing clusters that choose to leave ACL support
disabled.

In addition to the existing tests that cover permissions, we've developed
more than 200 new tests covering the new ACL get and set APIs through
DistributedFileSystem and WebHdfsFileSystem, the new CLI commands,
enforcement of ACLs during file access, integration with the existing
permissions model, persistence of ACLs to fsimage and edits, and more.  We
have documented our further system testing plans in a test plan document
attached to issue HDFS-4685.

I want to thank the numerous contributors who have participated in the
branch development up to this point.  Code contributors are Vinayakumar B,
Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao.  Yesha
Vora contributed the test plan.  The design document incorporates feedback
from many community members: Dilli Arumugam, Brandon Li, Haohui Mai, Kevin
Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo (Nicholas),
SZE and Jing Zhao.  Code reviewers on individual patches include Arpit
Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing Zhao.

This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT.

Chris Nauroth
Hortonworks
http://hortonworks.com/

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk

[Haohui Mai <hm...@hortonworks.com>]

+1

I have implemented and reviewed several parts of the features.

The design and implementation focus on providing high assurance the
security enforcement logic. I think the code is in good shape.

Thanks,
Haohui


On Mon, Feb 10, 2014 at 8:29 PM, Vinayakumar B <vi...@huawei.com>wrote:

> +1 (non-binding)
>
> This feature is important and was pending for long time. Thanks everyone
> for all efforts.
> I have been part of the implementation, reviewed patches and design
> document.
>
> Good work guys.
>
> Cheers,
> Vinayakumar B.
>
> -----Original Message-----
> From: Chris Nauroth [mailto:cnauroth@hortonworks.com]
> Sent: 11 February 2014 06:17
> To: hdfs-dev@hadoop.apache.org
> Subject: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk
>
> Hello everyone,
>
> I would like to call a vote to merge HDFS ACLs from branch HDFS-4685 to
> trunk.
>
> HDFS ACLs provide support for finer-grained permissions on files than what
> users can express today using traditional Unix permission bits.  An ACL
> (Access Control List) consists of a set of ACL entries.  Each ACL entry
> names a specific user or group and grants or denies read, write and execute
> permissions for that specific user or group.
>
> Development of this feature has been tracked in issue HDFS-4685:
> https://issues.apache.org/jira/browse/HDFS-4685
>
> The current design document is available here:
>
> https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf
>
> All development work has been committed to the HDFS-4685 feature branch:
> http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/
>
> We're currently working on resolving conflicts with the fsimage protobuf
> merge, and we expect to complete that work soon.
>
> The feature is backwards-compatible.  By default, the feature is disabled.
>  A cluster administrator must enable support for ACLs in configuration.
>  There is no impact to existing clusters that choose to leave ACL support
> disabled.
>
> In addition to the existing tests that cover permissions, we've developed
> more than 200 new tests covering the new ACL get and set APIs through
> DistributedFileSystem and WebHdfsFileSystem, the new CLI commands,
> enforcement of ACLs during file access, integration with the existing
> permissions model, persistence of ACLs to fsimage and edits, and more.  We
> have documented our further system testing plans in a test plan document
> attached to issue HDFS-4685.
>
> I want to thank the numerous contributors who have participated in the
> branch development up to this point.  Code contributors are Vinayakumar B,
> Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao.  Yesha
> Vora contributed the test plan.  The design document incorporates feedback
> from many community members: Dilli Arumugam, Brandon Li, Haohui Mai, Kevin
> Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo (Nicholas),
> SZE and Jing Zhao.  Code reviewers on individual patches include Arpit
> Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing Zhao.
>
> This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity
> to which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

RE: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk

[Vinayakumar B <vi...@huawei.com>]

+1 (non-binding)

This feature is important and was pending for long time. Thanks everyone for all efforts.
I have been part of the implementation, reviewed patches and design document. 

Good work guys. 

Cheers,
Vinayakumar B.

-----Original Message-----
From: Chris Nauroth [mailto:cnauroth@hortonworks.com] 
Sent: 11 February 2014 06:17
To: hdfs-dev@hadoop.apache.org
Subject: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk

Hello everyone,

I would like to call a vote to merge HDFS ACLs from branch HDFS-4685 to trunk.

HDFS ACLs provide support for finer-grained permissions on files than what users can express today using traditional Unix permission bits.  An ACL (Access Control List) consists of a set of ACL entries.  Each ACL entry names a specific user or group and grants or denies read, write and execute permissions for that specific user or group.

Development of this feature has been tracked in issue HDFS-4685:
https://issues.apache.org/jira/browse/HDFS-4685

The current design document is available here:
https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf

All development work has been committed to the HDFS-4685 feature branch:
http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/

We're currently working on resolving conflicts with the fsimage protobuf merge, and we expect to complete that work soon.

The feature is backwards-compatible.  By default, the feature is disabled.
 A cluster administrator must enable support for ACLs in configuration.
 There is no impact to existing clusters that choose to leave ACL support disabled.

In addition to the existing tests that cover permissions, we've developed more than 200 new tests covering the new ACL get and set APIs through DistributedFileSystem and WebHdfsFileSystem, the new CLI commands, enforcement of ACLs during file access, integration with the existing permissions model, persistence of ACLs to fsimage and edits, and more.  We have documented our further system testing plans in a test plan document attached to issue HDFS-4685.

I want to thank the numerous contributors who have participated in the branch development up to this point.  Code contributors are Vinayakumar B, Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao.  Yesha Vora contributed the test plan.  The design document incorporates feedback from many community members: Dilli Arumugam, Brandon Li, Haohui Mai, Kevin Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo (Nicholas), SZE and Jing Zhao.  Code reviewers on individual patches include Arpit Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing Zhao.

This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT.

Chris Nauroth
Hortonworks
http://hortonworks.com/

--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.

Re: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk

[Chris Nauroth <cn...@hortonworks.com>]

This vote has passed.

I'm pasting below the vote from Sachin Jose, which may have gotten
disconnected from the main thread.

After counting Sachin's vote and my own +1 vote, the final tally is 6
binding +1s and 3 non-binding +1s.  Thank you to everyone who voted.  We'll
proceed with the merge to trunk.



+1. I got a chance to work on this feature. Thanks Chris for coordinating
this team.
A lot of Hadoop users and Hadoop adminitrators are waiting for this feature.


Thanks,
Sachin Jose
Tata Consultancy Services, Kochi

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Thu, Feb 13, 2014 at 2:31 PM, Arpit Agarwal <aa...@hortonworks.com>wrote:

> +1
>
> I was involved with some code reviews and the feature branch is looking
> good. This is ready for merging to trunk.
>
>
> On Thu, Feb 13, 2014 at 1:44 PM, Jing Zhao <ji...@hortonworks.com> wrote:
>
> > +1. ACL is a very useful feature. I reviewed some of the jiras and the
> > code is in a very good shape.
> >
> > Thanks,
> > -Jing
> >
> > On Thu, Feb 13, 2014 at 1:18 PM, Suresh Srinivas <suresh@hortonworks.com
> >
> > wrote:
> > > +1. I have been part of the design of this feature. Thanks to everyone
> > who
> > > contributed to this feature development!
> > >
> > >
> > > On Mon, Feb 10, 2014 at 4:46 PM, Chris Nauroth <
> cnauroth@hortonworks.com
> > >wrote:
> > >
> > >> Hello everyone,
> > >>
> > >> I would like to call a vote to merge HDFS ACLs from branch HDFS-4685
> to
> > >> trunk.
> > >>
> > >> HDFS ACLs provide support for finer-grained permissions on files than
> > what
> > >> users can express today using traditional Unix permission bits.  An
> ACL
> > >> (Access Control List) consists of a set of ACL entries.  Each ACL
> entry
> > >> names a specific user or group and grants or denies read, write and
> > execute
> > >> permissions for that specific user or group.
> > >>
> > >> Development of this feature has been tracked in issue HDFS-4685:
> > >> https://issues.apache.org/jira/browse/HDFS-4685
> > >>
> > >> The current design document is available here:
> > >>
> > >>
> >
> https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf
> > >>
> > >> All development work has been committed to the HDFS-4685 feature
> branch:
> > >> http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/
> > >>
> > >> We're currently working on resolving conflicts with the fsimage
> protobuf
> > >> merge, and we expect to complete that work soon.
> > >>
> > >> The feature is backwards-compatible.  By default, the feature is
> > disabled.
> > >>  A cluster administrator must enable support for ACLs in
> configuration.
> > >>  There is no impact to existing clusters that choose to leave ACL
> > support
> > >> disabled.
> > >>
> > >> In addition to the existing tests that cover permissions, we've
> > developed
> > >> more than 200 new tests covering the new ACL get and set APIs through
> > >> DistributedFileSystem and WebHdfsFileSystem, the new CLI commands,
> > >> enforcement of ACLs during file access, integration with the existing
> > >> permissions model, persistence of ACLs to fsimage and edits, and more.
> >  We
> > >> have documented our further system testing plans in a test plan
> document
> > >> attached to issue HDFS-4685.
> > >>
> > >> I want to thank the numerous contributors who have participated in the
> > >> branch development up to this point.  Code contributors are
> Vinayakumar
> > B,
> > >> Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao.
> >  Yesha
> > >> Vora contributed the test plan.  The design document incorporates
> > feedback
> > >> from many community members: Dilli Arumugam, Brandon Li, Haohui Mai,
> > Kevin
> > >> Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo
> (Nicholas),
> > >> SZE and Jing Zhao.  Code reviewers on individual patches include Arpit
> > >> Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing
> Zhao.
> > >>
> > >> This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT.
> > >>
> > >> Chris Nauroth
> > >> Hortonworks
> > >> http://hortonworks.com/
> > >>
> > >> --
> > >> CONFIDENTIALITY NOTICE
> > >> NOTICE: This message is intended for the use of the individual or
> > entity to
> > >> which it is addressed and may contain information that is
> confidential,
> > >> privileged and exempt from disclosure under applicable law. If the
> > reader
> > >> of this message is not the intended recipient, you are hereby notified
> > that
> > >> any printing, copying, dissemination, distribution, disclosure or
> > >> forwarding of this communication is strictly prohibited. If you have
> > >> received this communication in error, please contact the sender
> > immediately
> > >> and delete it from your system. Thank You.
> > >>
> > >
> > >
> > >
> > > --
> > > http://hortonworks.com/download/
> > >
> > > --
> > > CONFIDENTIALITY NOTICE
> > > NOTICE: This message is intended for the use of the individual or
> entity
> > to
> > > which it is addressed and may contain information that is confidential,
> > > privileged and exempt from disclosure under applicable law. If the
> reader
> > > of this message is not the intended recipient, you are hereby notified
> > that
> > > any printing, copying, dissemination, distribution, disclosure or
> > > forwarding of this communication is strictly prohibited. If you have
> > > received this communication in error, please contact the sender
> > immediately
> > > and delete it from your system. Thank You.
> >
> > --
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the reader
> > of this message is not the intended recipient, you are hereby notified
> that
> > any printing, copying, dissemination, distribution, disclosure or
> > forwarding of this communication is strictly prohibited. If you have
> > received this communication in error, please contact the sender
> immediately
> > and delete it from your system. Thank You.
> >
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk

[Arpit Agarwal <aa...@hortonworks.com>]

+1

I was involved with some code reviews and the feature branch is looking
good. This is ready for merging to trunk.


On Thu, Feb 13, 2014 at 1:44 PM, Jing Zhao <ji...@hortonworks.com> wrote:

> +1. ACL is a very useful feature. I reviewed some of the jiras and the
> code is in a very good shape.
>
> Thanks,
> -Jing
>
> On Thu, Feb 13, 2014 at 1:18 PM, Suresh Srinivas <su...@hortonworks.com>
> wrote:
> > +1. I have been part of the design of this feature. Thanks to everyone
> who
> > contributed to this feature development!
> >
> >
> > On Mon, Feb 10, 2014 at 4:46 PM, Chris Nauroth <cnauroth@hortonworks.com
> >wrote:
> >
> >> Hello everyone,
> >>
> >> I would like to call a vote to merge HDFS ACLs from branch HDFS-4685 to
> >> trunk.
> >>
> >> HDFS ACLs provide support for finer-grained permissions on files than
> what
> >> users can express today using traditional Unix permission bits.  An ACL
> >> (Access Control List) consists of a set of ACL entries.  Each ACL entry
> >> names a specific user or group and grants or denies read, write and
> execute
> >> permissions for that specific user or group.
> >>
> >> Development of this feature has been tracked in issue HDFS-4685:
> >> https://issues.apache.org/jira/browse/HDFS-4685
> >>
> >> The current design document is available here:
> >>
> >>
> https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf
> >>
> >> All development work has been committed to the HDFS-4685 feature branch:
> >> http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/
> >>
> >> We're currently working on resolving conflicts with the fsimage protobuf
> >> merge, and we expect to complete that work soon.
> >>
> >> The feature is backwards-compatible.  By default, the feature is
> disabled.
> >>  A cluster administrator must enable support for ACLs in configuration.
> >>  There is no impact to existing clusters that choose to leave ACL
> support
> >> disabled.
> >>
> >> In addition to the existing tests that cover permissions, we've
> developed
> >> more than 200 new tests covering the new ACL get and set APIs through
> >> DistributedFileSystem and WebHdfsFileSystem, the new CLI commands,
> >> enforcement of ACLs during file access, integration with the existing
> >> permissions model, persistence of ACLs to fsimage and edits, and more.
>  We
> >> have documented our further system testing plans in a test plan document
> >> attached to issue HDFS-4685.
> >>
> >> I want to thank the numerous contributors who have participated in the
> >> branch development up to this point.  Code contributors are Vinayakumar
> B,
> >> Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao.
>  Yesha
> >> Vora contributed the test plan.  The design document incorporates
> feedback
> >> from many community members: Dilli Arumugam, Brandon Li, Haohui Mai,
> Kevin
> >> Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo (Nicholas),
> >> SZE and Jing Zhao.  Code reviewers on individual patches include Arpit
> >> Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing Zhao.
> >>
> >> This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT.
> >>
> >> Chris Nauroth
> >> Hortonworks
> >> http://hortonworks.com/
> >>
> >> --
> >> CONFIDENTIALITY NOTICE
> >> NOTICE: This message is intended for the use of the individual or
> entity to
> >> which it is addressed and may contain information that is confidential,
> >> privileged and exempt from disclosure under applicable law. If the
> reader
> >> of this message is not the intended recipient, you are hereby notified
> that
> >> any printing, copying, dissemination, distribution, disclosure or
> >> forwarding of this communication is strictly prohibited. If you have
> >> received this communication in error, please contact the sender
> immediately
> >> and delete it from your system. Thank You.
> >>
> >
> >
> >
> > --
> > http://hortonworks.com/download/
> >
> > --
> > CONFIDENTIALITY NOTICE
> > NOTICE: This message is intended for the use of the individual or entity
> to
> > which it is addressed and may contain information that is confidential,
> > privileged and exempt from disclosure under applicable law. If the reader
> > of this message is not the intended recipient, you are hereby notified
> that
> > any printing, copying, dissemination, distribution, disclosure or
> > forwarding of this communication is strictly prohibited. If you have
> > received this communication in error, please contact the sender
> immediately
> > and delete it from your system. Thank You.
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk

[Jing Zhao <ji...@hortonworks.com>]

+1. ACL is a very useful feature. I reviewed some of the jiras and the
code is in a very good shape.

Thanks,
-Jing

On Thu, Feb 13, 2014 at 1:18 PM, Suresh Srinivas <su...@hortonworks.com> wrote:
> +1. I have been part of the design of this feature. Thanks to everyone who
> contributed to this feature development!
>
>
> On Mon, Feb 10, 2014 at 4:46 PM, Chris Nauroth <cn...@hortonworks.com>wrote:
>
>> Hello everyone,
>>
>> I would like to call a vote to merge HDFS ACLs from branch HDFS-4685 to
>> trunk.
>>
>> HDFS ACLs provide support for finer-grained permissions on files than what
>> users can express today using traditional Unix permission bits.  An ACL
>> (Access Control List) consists of a set of ACL entries.  Each ACL entry
>> names a specific user or group and grants or denies read, write and execute
>> permissions for that specific user or group.
>>
>> Development of this feature has been tracked in issue HDFS-4685:
>> https://issues.apache.org/jira/browse/HDFS-4685
>>
>> The current design document is available here:
>>
>> https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf
>>
>> All development work has been committed to the HDFS-4685 feature branch:
>> http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/
>>
>> We're currently working on resolving conflicts with the fsimage protobuf
>> merge, and we expect to complete that work soon.
>>
>> The feature is backwards-compatible.  By default, the feature is disabled.
>>  A cluster administrator must enable support for ACLs in configuration.
>>  There is no impact to existing clusters that choose to leave ACL support
>> disabled.
>>
>> In addition to the existing tests that cover permissions, we've developed
>> more than 200 new tests covering the new ACL get and set APIs through
>> DistributedFileSystem and WebHdfsFileSystem, the new CLI commands,
>> enforcement of ACLs during file access, integration with the existing
>> permissions model, persistence of ACLs to fsimage and edits, and more.  We
>> have documented our further system testing plans in a test plan document
>> attached to issue HDFS-4685.
>>
>> I want to thank the numerous contributors who have participated in the
>> branch development up to this point.  Code contributors are Vinayakumar B,
>> Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao.  Yesha
>> Vora contributed the test plan.  The design document incorporates feedback
>> from many community members: Dilli Arumugam, Brandon Li, Haohui Mai, Kevin
>> Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo (Nicholas),
>> SZE and Jing Zhao.  Code reviewers on individual patches include Arpit
>> Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing Zhao.
>>
>> This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT.
>>
>> Chris Nauroth
>> Hortonworks
>> http://hortonworks.com/
>>
>> --
>> CONFIDENTIALITY NOTICE
>> NOTICE: This message is intended for the use of the individual or entity to
>> which it is addressed and may contain information that is confidential,
>> privileged and exempt from disclosure under applicable law. If the reader
>> of this message is not the intended recipient, you are hereby notified that
>> any printing, copying, dissemination, distribution, disclosure or
>> forwarding of this communication is strictly prohibited. If you have
>> received this communication in error, please contact the sender immediately
>> and delete it from your system. Thank You.
>>
>
>
>
> --
> http://hortonworks.com/download/
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk

[Suresh Srinivas <su...@hortonworks.com>]

+1. I have been part of the design of this feature. Thanks to everyone who
contributed to this feature development!


On Mon, Feb 10, 2014 at 4:46 PM, Chris Nauroth <cn...@hortonworks.com>wrote:

> Hello everyone,
>
> I would like to call a vote to merge HDFS ACLs from branch HDFS-4685 to
> trunk.
>
> HDFS ACLs provide support for finer-grained permissions on files than what
> users can express today using traditional Unix permission bits.  An ACL
> (Access Control List) consists of a set of ACL entries.  Each ACL entry
> names a specific user or group and grants or denies read, write and execute
> permissions for that specific user or group.
>
> Development of this feature has been tracked in issue HDFS-4685:
> https://issues.apache.org/jira/browse/HDFS-4685
>
> The current design document is available here:
>
> https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf
>
> All development work has been committed to the HDFS-4685 feature branch:
> http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/
>
> We're currently working on resolving conflicts with the fsimage protobuf
> merge, and we expect to complete that work soon.
>
> The feature is backwards-compatible.  By default, the feature is disabled.
>  A cluster administrator must enable support for ACLs in configuration.
>  There is no impact to existing clusters that choose to leave ACL support
> disabled.
>
> In addition to the existing tests that cover permissions, we've developed
> more than 200 new tests covering the new ACL get and set APIs through
> DistributedFileSystem and WebHdfsFileSystem, the new CLI commands,
> enforcement of ACLs during file access, integration with the existing
> permissions model, persistence of ACLs to fsimage and edits, and more.  We
> have documented our further system testing plans in a test plan document
> attached to issue HDFS-4685.
>
> I want to thank the numerous contributors who have participated in the
> branch development up to this point.  Code contributors are Vinayakumar B,
> Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao.  Yesha
> Vora contributed the test plan.  The design document incorporates feedback
> from many community members: Dilli Arumugam, Brandon Li, Haohui Mai, Kevin
> Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo (Nicholas),
> SZE and Jing Zhao.  Code reviewers on individual patches include Arpit
> Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing Zhao.
>
> This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
>



-- 
http://hortonworks.com/download/

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: [VOTE] Merge HDFS-4685 HDFS ACLs to trunk

[Azuryy Yu <az...@gmail.com>]

+1

It's very useful, Thanks for improve ACL features.


On Tue, Feb 11, 2014 at 8:46 AM, Chris Nauroth <cn...@hortonworks.com>wrote:

> Hello everyone,
>
> I would like to call a vote to merge HDFS ACLs from branch HDFS-4685 to
> trunk.
>
> HDFS ACLs provide support for finer-grained permissions on files than what
> users can express today using traditional Unix permission bits.  An ACL
> (Access Control List) consists of a set of ACL entries.  Each ACL entry
> names a specific user or group and grants or denies read, write and execute
> permissions for that specific user or group.
>
> Development of this feature has been tracked in issue HDFS-4685:
> https://issues.apache.org/jira/browse/HDFS-4685
>
> The current design document is available here:
>
> https://issues.apache.org/jira/secure/attachment/12627729/HDFS-ACLs-Design-3.pdf
>
> All development work has been committed to the HDFS-4685 feature branch:
> http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/
>
> We're currently working on resolving conflicts with the fsimage protobuf
> merge, and we expect to complete that work soon.
>
> The feature is backwards-compatible.  By default, the feature is disabled.
>  A cluster administrator must enable support for ACLs in configuration.
>  There is no impact to existing clusters that choose to leave ACL support
> disabled.
>
> In addition to the existing tests that cover permissions, we've developed
> more than 200 new tests covering the new ACL get and set APIs through
> DistributedFileSystem and WebHdfsFileSystem, the new CLI commands,
> enforcement of ACLs during file access, integration with the existing
> permissions model, persistence of ACLs to fsimage and edits, and more.  We
> have documented our further system testing plans in a test plan document
> attached to issue HDFS-4685.
>
> I want to thank the numerous contributors who have participated in the
> branch development up to this point.  Code contributors are Vinayakumar B,
> Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao.  Yesha
> Vora contributed the test plan.  The design document incorporates feedback
> from many community members: Dilli Arumugam, Brandon Li, Haohui Mai, Kevin
> Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo (Nicholas),
> SZE and Jing Zhao.  Code reviewers on individual patches include Arpit
> Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing Zhao.
>
> This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT.
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
> --
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to
> which it is addressed and may contain information that is confidential,
> privileged and exempt from disclosure under applicable law. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any printing, copying, dissemination, distribution, disclosure or
> forwarding of this communication is strictly prohibited. If you have
> received this communication in error, please contact the sender immediately
> and delete it from your system. Thank You.
>