Community Articles
Find and share helpful community-sourced technical articles
Labels (1)

Linux ACLs are implemented in such a way that setting default ACLs on parent directory shall automatically get inherited to child directories and umask shall have no influence in this behavior. However HDFS ACLs have slightly different approach here, they do take into account umask set in hdfs-site.xml in parameter "fs.permissions.umask-mode" and enforce ACLs on child folders based on these two parameter with umask taking precedence over the other.

Let's try and reproduce this case :-

[gaurav@test ~]$ fs -mkdir /tmp/acltest 
[gaurav@test ~]$ fs -setfacl -m default:mask::rwx /tmp/acltest 
[gaurav@test ~]$ fs -setfacl -m mask::rwx /tmp/acltest 
[gaurav@test ~]$ fs -setfacl -m default:user:adam:rwx /tmp/acltest 
[gaurav@test ~]$ fs -setfacl -m user:adam:rwx /tmp/acltest 

Let's see what ACLs are implemented :-

[gaurav@test~]$ fs -getfacl /tmp/acltest 

# file: /tmp/acltest 

# owner: gaurav

# group: hdfs 

user::rwx 

user:adam:rwx 

group::r-x 

mask::rwx 

other::r-x 

default:user::rwx 

default:user:adam:rwx 

default:group::r-x 

default:mask::rwx 

default:other::r-x

Let's create a child directory now and see ACLs inherited.

[gaurav@test ~]$ fs -mkdir /tmp/acltest/subdir1 

[gaurav@test~]$ fs -getfacl /tmp/acltest/subdir1 

# file: /tmp/acltest/subdir1 

# owner: gaurav

# group: hdfs 

user::rwx 

user:adam:rwx #effective:r-x 

group::r-x 

mask::r-x 

other::r-x 

default:user::rwx 

default:user:adam:rwx 

default:group::r-x 

default:mask::rwx

In our example, umask was set as 022 and hence effective ACL on child directory turned out to be r-x.

REFERENCE: https://issues.apache.org/jira/browse/HDFS-6962

6,777 Views