Security
Also available as:
PDF
loading table of contents...

Using CLI Commands to Create and List ACLs

Two new sub-commands are added to FsShell: setfacl and getfacl. These commands are modeled after the same Linux shell commands, but fewer flags are implemented. Support for additional flags may be added later if required.

  • setfacl

    Sets ACLs for files and directories.

    Example:

    -setfacl [-bkR] {-m|-x} <acl_spec> <path>
    -setfacl --set <acl_spec> <path>

    Options:

    Table 6.1. ACL Options

    OptionDescription
    -bRemove all entries, but retain the base ACL entries. The entries for User, Group, and Others are retained for compatbility with Permission Bits.
    -kRemove the default ACL.
    -RApply operations to all files and directories recursively.
    -mModify the ACL. New entires are added to the ACL, and existing entries are retained.
    -xRemove the specified ACL entires. All other ACL entries are retained.
    --setFully replace the ACL and discard all existing entries. The acl_spec must include entries for User, Group, and Others for compatibility with Permission Bits.
    <acl_spec>A comma-separated list of ACL entries.
    <path>The path to the file or directory to modify.

    Examples:

    hdfs dfs -setfacl -m user:hadoop:rw- /file
    hdfs dfs -setfacl -x user:hadoop /file
    hdfs dfs -setfacl -b /file
    hdfs dfs -setfacl -k /dir
    hdfs dfs -setfacl --set user::rw-,user:hadoop:rw-,group::r--,other::r-- /file
    hdfs dfs -setfacl -R -m user:hadoop:r-x /dir
    hdfs dfs -setfacl -m default:user:hadoop:r-x /dir

    Exit Code:

    Returns 0 on success and non-zero on error.

  • getfacl

    Displays the ACLs of files and directories. If a directory has a default ACL, getfacl also displays the default ACL.

    Usage:

     -getfacl [-R] <path> 

    Options:

    Table 6.2. getfacl Options

    OptionDescription
    -RList the ACLs of all files and directories recursively.
    <path>The path to the file or directory to list.


    Examples:

    hdfs dfs -getfacl /file
    hdfs dfs -getfacl -R /dir

    Exit Code:

    Returns 0 on success and non-zero on error.