Using CLI Commands to Create and List ACLs
Two new sub-commands are added to FsShell: setfacl
and getfacl
. These commands are modeled after the same Linux shell commands, but fewer flags are
implemented. Support for additional flags may be added later if required.
setfacl
Sets ACLs for files and directories.
Example:
-setfacl [-bkR] {-m|-x} <acl_spec> <path>
-setfacl --set <acl_spec> <path>
Options:
Table 1.1. ACL Options
Option Description -b
Remove all entries, but retain the base ACL entries. The entries for User, Group, and Others are retained for compatbility with Permission Bits. -k
Remove the default ACL. -R
Apply operations to all files and directories recursively. -m
Modify the ACL. New entires are added to the ACL, and existing entries are retained. -x
Remove the specified ACL entires. All other ACL entries are retained. --set
Fully replace the ACL and discard all existing entries. The acl_spec must include entries for User, Group, and Others for compatibility with Permission Bits. <acl_spec>
A comma-separated list of ACL entries. lt;path>
The path to the file or directory to modify. Examples:
hdfs dfs -setfacl -m user:hadoop:rw- /file hdfs dfs -setfacl -x user:hadoop /file hdfs dfs -setfacl -b /file hdfs dfs -setfacl -k /dir hdfs dfs -setfacl --set user::rw-,user:hadoop:rw-,group::r--,other::r-- /file hdfs dfs -setfacl -R -m user:hadoop:r-x /dir hdfs dfs -setfacl -m default:user:hadoop:r-x /dir
Exit Code:
Returns 0 on success and non-zero on error.
getfacl
Displays the ACLs of files and directories. If a directory has a default ACL,
getfacl
also displays the default ACL.Usage:
-getfacl [-R] <path>
Options:
Table 1.2. getfacl Options
Option Description -R
List the ACLs of all files and directories recursively. <path>
The path to the file or directory to list. Examples:
hdfs dfs -getfacl /file hdfs dfs -getfacl -R /dir
Exit Code:
Returns 0 on success and non-zero on error.