Posted to common-issues@hadoop.apache.org by "Chris Nauroth (JIRA)" <ji...@apache.org> on 2014/01/26 18:16:38 UTC

[jira] [Updated] (HADOOP-10277) setfacl -x fails to parse ACL spec if trying to remove the mask entry.

     [ https://issues.apache.org/jira/browse/HADOOP-10277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Nauroth updated HADOOP-10277:
-----------------------------------

    Attachment: HADOOP-10277.1.patch

Thanks for volunteering to take this, [~vinayrpet].  I did have a patch in progress, so I'll just attach the work I've done so far and ask you if you want to do anything more with this.

As part of this patch, I also wanted to refactor {{AclEntry#parseAclSpec}} so that the logic of parsing a single entry is in a separate public static method: {{AclEntry#parseAclEntry}}.  That's going to be helpful for the HDFS-5608 WebHDFS patch.  I didn't get the refactoring done yet in this version of the patch.

bq. But my doubt is, whether removing the mask is allowed ?

Actually, you are correct.  I was incorrect when I said earlier that you can remove the mask to trigger automatic recalculation.  It is invalid to attempt to remove the mask from an ACL that needs it; however, the error should get reported from the server side instead of a failure to parse the ACL spec.  We already have the code to do this in the NameNode in {{AclTransformation#buildAndValidateAcl}}.  The parsing still needs to be able to parse a mask entry with no permission, because it is valid to remove the mask entry if you're also removing all other extended ACL entries (reducing it from an extended ACL back to a minimal ACL).  See below for an example on Linux.

{code}
[cnauroth@ubuntu:pts/0] acltest                                                                                     
> getfacl file1
# file: file1
# owner: cnauroth
# group: cnauroth
user::rw-
user:bruce:rwx			#effective:r--
group::rw-			#effective:r--
mask::r--
other::r--

[cnauroth@ubuntu:pts/0] acltest                                                                                     
> setfacl -x mask:: file1
setfacl: file1: Malformed access ACL `user::rw-,user:bruce:rwx,group::rw-,other::r--': Missing or wrong entry at entry 4

[cnauroth@ubuntu:pts/0] acltest                                                                                     
> setfacl -x mask::,user:bruce: file1

[cnauroth@ubuntu:pts/0] acltest                                                                                     
> getfacl file1
# file: file1
# owner: cnauroth
# group: cnauroth
user::rw-
group::rw-
other::r--
{code}


> setfacl -x fails to parse ACL spec if trying to remove the mask entry.
> ----------------------------------------------------------------------
>
>                 Key: HADOOP-10277
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10277
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HADOOP-10277.1.patch
>
>
> You should be able to use setfacl -x to remove the mask entry (which then triggers recalculation of an automatically inferred mask if the file has an extended ACL).  Right now, this causes a failure to parse the ACL spec due to a bug in {{AclEntry#parseAclSpec}}.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
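
The two stages described in the message above, as an added Python model that is not part of the original message and is not Hadoop's code: the parser accepts `mask::` with no permission in removal mode, and a separate validation step rejects the result only when named entries would remain without a mask. The function names, the `AclValidationError` class and the simplified entry syntax are assumptions made for illustration; the sample ACL is the `file1` ACL from the Linux session.

```python
import re

# Constructed model, not Hadoop's AclEntry/AclTransformation code.
# Simplified syntax: full type names only, fields separated by ':'.
TYPES = {"user", "group", "mask", "other"}
PERM_RE = re.compile(r"^[r-][w-][x-]$")

class AclValidationError(Exception):
    """The spec parsed, but the resulting ACL is not valid."""

def parse_acl_spec(spec, include_permission):
    """Parse 'type:name:perm,...' into (type, name, perm) tuples.

    With include_permission=False (the -x case) every entry, mask and other
    included, must leave the permission field empty.
    """
    entries = []
    for raw in spec.split(","):
        fields = raw.strip().split(":")
        if fields[0] not in TYPES or len(fields) != 3:
            raise ValueError(f"invalid ACL entry: {raw!r}")
        kind, name, perm = fields
        if kind in ("mask", "other") and name:
            raise ValueError(f"{kind} entry takes no name: {raw!r}")
        if include_permission and not PERM_RE.match(perm):
            raise ValueError(f"missing or bad permission: {raw!r}")
        if not include_permission and perm:
            raise ValueError(f"permission not allowed on removal: {raw!r}")
        entries.append((kind, name, perm))
    return entries

def remove_entries(acl, spec):
    """Apply a removal spec, then validate the result as a separate step."""
    doomed = {(k, n) for k, n, _ in parse_acl_spec(spec, include_permission=False)}
    result = [e for e in acl if (e[0], e[1]) not in doomed]
    named = any(k in ("user", "group") and n for k, n, _ in result)
    if named and not any(k == "mask" for k, _, _ in result):
        raise AclValidationError("named entries remain, so the mask is required")
    return result

# The file1 ACL from the session above.
FILE1 = parse_acl_spec("user::rw-,user:bruce:rwx,group::rw-,mask::r--,other::r--", True)
```

Keeping the parse error (`ValueError`) distinct from the validation error mirrors the split the message asks for: a removal spec containing `mask::` is well-formed, and whether it is allowed depends on the ACL it is applied to.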