Setting File and Directory ACEs

Describes how to set access control expressions (ACEs) for files and directories.

For files and directories, run the hadoop mfs command to set Access Control Expression (ACE)s. When ACEs are set, by default, the corresponding POSIX mode bits are also set. POSIX mode bits for owner and owning group are deduced by evaluating the corresponding ACEs. POSIX mode bits for others is set only if "p" is given as the value for an ACE.

The following table lists the POSIX mode bits that correspond to the access types.

File readfile r
writefile w
executefile x
Directory readdir r
addchild w
deletechild w
lookupdir x

The POSIX mode bit granting write (w) access to directory is set only if user, role, or group is granted permission for both (addchild and deletechild) access types.

The hadoop command, by default, sets the POSIX mode bits corresponding to the given ACEs, and:

  • Overwrites existing ACE values with new values, if specified, for access types that were previously set.
  • Sets ACE values for access types that have not yet been set, if specified.
  • Does not modify access types that are not specified with the command, whether or not they were previously set.
Warning: Changing the POSIX mode bits using chmod does not change the corresponding ACE setting and may result in different, conflicting permissions to files and directories.