3.2. Example 1: Granting Access to Another Named Group

To address one of the issues raised in the preceding section, we will set an ACL that grants Read access to sales data to members of the "execs" group.

  • Set the ACL:

    > hdfs dfs -setfacl -m group:execs:r-- /sales-data

  • Run getfacl to check the results:

    > hdfs dfs -getfacl /sales-data
    # file: /sales-data
    # owner: bruce
    # group: sales
    user::rw-
    group::r--
    group:execs:r--
    mask::r--
    other::---

  • If we run the ls command, the listed permissions now end with a "+" symbol, which indicates the presence of an ACL. The "+" symbol is appended to the permissions of any file or directory that has an ACL.

    > hdfs dfs -ls /sales-data
    Found 1 items
    -rw-r-----+  3 bruce sales          0 2014-03-04 16:31 /sales-data

The new ACL entry is added to the existing permissions defined by the Permission Bits. As the file owner, Bruce has full control. Members of either the "sales" group or the "execs" group have Read access. All others do not have access.
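
The access outcome described above can be reproduced offline from the getfacl listing. The following is an added example, not part of the original guide or of Hadoop: it parses the listing and applies the standard ACL check order (owner, named user, groups filtered by the mask, other), which generalizes beyond this one file. The function names parse_getfacl and is_allowed are hypothetical, and the HDFS superuser, who bypasses permission checks, is ignored.

```python
# Added example (not from the original guide): evaluate a getfacl listing.
# Constructed input: the getfacl output shown above, copied verbatim.
GETFACL_OUTPUT = """\
# file: /sales-data
# owner: bruce
# group: sales
user::rw-
group::r--
group:execs:r--
mask::r--
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, {(type, name): set of permission letters})."""
    owner = group = None
    entries = {}
    for raw in text.splitlines():
        if raw.startswith("# owner:"):
            owner = raw.split(":", 1)[1].strip()
        elif raw.startswith("# group:"):
            group = raw.split(":", 1)[1].strip()
        line = raw.split("#", 1)[0].strip()   # drop "#effective:..." notes
        if line and not line.startswith("default:"):  # default ACLs only seed new children
            kind, name, perms = line.split(":")
            entries[(kind, name)] = set(perms) - {"-"}
    return owner, group, entries

def is_allowed(text, user, groups, requested):
    """True if `user` (member of `groups`) gets every permission letter in `requested`."""
    owner, owning_group, entries = parse_getfacl(text)
    want = set(requested)
    mask = entries.get(("mask", ""), set("rwx"))  # no mask entry: nothing is filtered
    if user == owner:                              # owner entry is never masked
        return want <= entries[("user", "")]
    if ("user", user) in entries:                  # named user, filtered by mask
        return want <= entries[("user", user)] & mask
    matched = False
    for (kind, name), perms in entries.items():
        if kind == "group" and (name in groups or (name == "" and owning_group in groups)):
            matched = True
            if want <= perms & mask:               # one matching entry must grant it all
                return True
    if matched:                                    # in a listed group but not granted:
        return False                               # do not fall through to "other"
    return want <= entries[("other", "")]
```

Because the mask is r--, changing the named entry to group:execs:rw- would still leave "execs" members without Write access until the mask is widened.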

