I would like to call a vote to merge HDFS ACLs from branch HDFS-4685 to
HDFS ACLs provide support for finer-grained permissions on files than what
users can express today using traditional Unix permission bits. An ACL
(Access Control List) consists of a set of ACL entries. Each ACL entry
names a specific user or group and grants or denies read, write and execute
permissions for that specific user or group.
Development of this feature has been tracked in issue HDFS-4685:
The current design document is available here:
All development work has been committed to the HDFS-4685 feature branch:
We're currently working on resolving conflicts with the fsimage protobuf
merge, and we expect to complete that work soon.
The feature is backwards-compatible. By default, the feature is disabled.
A cluster administrator must enable support for ACLs in configuration.
There is no impact to existing clusters that choose to leave ACL support
In addition to the existing tests that cover permissions, we've developed
more than 200 new tests covering the new ACL get and set APIs through
DistributedFileSystem and WebHdfsFileSystem, the new CLI commands,
enforcement of ACLs during file access, integration with the existing
permissions model, persistence of ACLs to fsimage and edits, and more. We
have documented our further system testing plans in a test plan document
attached to issue HDFS-4685.
I want to thank the numerous contributors who have participated in the
branch development up to this point. Code contributors are Vinayakumar B,
Sachin Jose, Renil Joseph, Haohui Mai, Chris Nauroth and Jing Zhao. Yesha
Vora contributed the test plan. The design document incorporates feedback
from many community members: Dilli Arumugam, Brandon Li, Haohui Mai, Kevin
Minder, Chris Nauroth, Sanjay Radia, Suresh Srinivas, Tsz Wo (Nicholas),
SZE and Jing Zhao. Code reviewers on individual patches include Arpit
Agarwal, Colin Patrick McCabe, Haohui Mai, Chris Nauroth and Jing Zhao.
This vote runs for a week and closes on 2/17/2014 at 11:59 pm PT.
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.