Re: A question about HDFS permissions

[Chris Nauroth <cn...@gmail.com>]

Hello,

It wasn't clear to me if you were asking for more details about
setuid/setgid in general, or just information about how it relates to HDFS,
so I'll try to answer both.

This statement is a reference to the POSIX notion of setuid and setgid,
which allow you to set up an executable file that runs as if the invoking
user was the owner of the file or as if the invoking user was a member of
the file's group.  Typically, this allows an unprivileged user to elevate
their privileges to do some critical system action, but in a more
controlled way than just granting sudo permission to give the user full
access to do anything.  For more details, this is a decent introduction:

https://en.wikipedia.org/wiki/Setuid

Specifically in relation to HDFS, we do not support the setuid/setgid bits
in our permission model.  Even if we did, it would be mostly meaningless,
because HDFS files are not directly executable by a user anyway.  The only
viable use case I can think of might be if someone wanted to copy files
from a different file system that does support setuid/setgid into HDFS, and
then copy those same files out of HDFS back to the other file system later,
and have the setuid/setgid bits preserved end-to-end.  I've never heard
anyone ask for HDFS to support this kind of thing though, because it's rare
that someone wants to store executable files in HDFS.

I hope this helps.


On Tue, Nov 8, 2016 at 8:12 AM, zhangjc <61...@qq.com> wrote:

> How to understand the following sentence in "HDFS Permissions Guide”:
> In contrast to the POSIX model, there are no setuid or setgid bits for
> files as there is no notion of executable files. For directories, there are
> no setuid or setgid bits directory as a simplification.
>



-- 
Chris Nauroth