You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Chris Nauroth (JIRA)" <ji...@apache.org> on 2014/01/23 20:18:39 UTC

[jira] [Commented] (HADOOP-10270) getfacl does not display effective permissions of masked entries.

    [ https://issues.apache.org/jira/browse/HADOOP-10270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13880247#comment-13880247 ] 

Chris Nauroth commented on HADOOP-10270:
----------------------------------------

See below for example output from getfacl on Linux.  The logic for this would be:

{code}
Find the mask entry within the scope, either access or default.
Go back and iterate through all entries.
If entry is named user, named group, or unnamed group
  Calculate effective permissions by applying the mask from the same scope using {{FsAction#and}}.
  If effective permissions are different from actual permissions
    Also display effective permissions.
{code}

The effective permissions are not displayed if the mask doesn't turn any permissions off.

{code}
> getfacl dir1
# file: dir1
# owner: cnauroth
# group: cnauroth
user::rw-
user:bruce:rwx                  #effective:r--
user:diana:r--
group::rw-                      #effective:r--
mask::r--
other::r--
user::rw-
default:user:bruce:rwx          #effective:r--
default:user:diana:r--
default:group::rw-              #effective:r--
default:mask::r--
default:other::r--
{code}


> getfacl does not display effective permissions of masked entries.
> -----------------------------------------------------------------
>
>                 Key: HADOOP-10270
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10270
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Chris Nauroth
>            Priority: Minor
>
> The mask entry of an ACL can be changed to restrict permissions that would be otherwise granted via named user and group entries.  In these cases, the typical implementation of getfacl also displays the effective permissions after applying the mask.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)