Setting File and Directory ACEs
Describes how to set access control expressions (ACEs) for files and directories.
For files and directories, run the hadoop mfs command to set Access Control Expression (ACE)s. When ACEs
are set, by default, the corresponding POSIX mode bits are also set. POSIX mode bits for owner
and owning group are deduced by evaluating the corresponding ACEs. POSIX mode bits for others
is set only if "p" is given as the value for an ACE.
The following table lists the POSIX mode bits that correspond to the access types.
| ACE | POSIX Mode Bits | |
|---|---|---|
| File | readfile |
r |
writefile |
w | |
executefile |
x | |
| Directory | readdir |
r |
addchild |
w | |
deletechild |
w | |
lookupdir |
x |
The POSIX mode bit granting write (w) access to directory is set only if
user, role, or group is granted permission for both (addchild and
deletechild) access types.
The hadoop command, by default, sets the POSIX mode bits corresponding to the given ACEs, and:
- Overwrites existing ACE values with new values, if specified, for access types that were previously set.
- Sets ACE values for access types that have not yet been set, if specified.
- Does not modify access types that are not specified with the command, whether or not they were previously set.