Using CLI commands to create and list ACLs

You can use the sub-commands setfacl and getfacl to create and list ACLs on HDFS.These commands are modeled after the same Linux shell commands.

  • setfacl

    Sets ACLs for files and directories.

    Example:

    -setfacl [-bkR] {-m|-x} <acl_spec> <path>
    -setfacl --set <acl_spec> <path>

    Options:

    Table 1. ACL Options
    Option Description
    -b Remove all entries, but retain the base ACL entries. The entries for User, Group, and Others are retained for compatibility with Permission Bits.
    -k Remove the default ACL.
    -R Apply operations to all files and directories recursively.
    -m Modify the ACL. New entries are added to the ACL, and existing entries are retained.
    -x Remove the specified ACL entries. All other ACL entries are retained.
    --set Fully replace the ACL and discard all existing entries. The acl_spec must include entries for User, Group, and Others for compatibility with Permission Bits.
    <acl_spec> A comma-separated list of ACL entries.
    <path> The path to the file or directory to modify.

    Examples:

    hdfs dfs -setfacl -m user:hadoop:rw- /file
    hdfs dfs -setfacl -x user:hadoop /file
    hdfs dfs -setfacl -b /file
    hdfs dfs -setfacl -k /dir
    hdfs dfs -setfacl --set user::rw-,user:hadoop:rw-,group::r--,other::r-- /file
    hdfs dfs -setfacl -R -m user:hadoop:r-x /dir
    hdfs dfs -setfacl -m default:user:hadoop:r-x /dir

    Exit Code:

    Returns 0 on success and non-zero on error.

  • getfacl

    Displays the ACLs of files and directories. If a directory has a default ACL, getfacl also displays the default ACL.

    Usage:

     -getfacl [-R] <path>
    Options:
    Table 2. getfacl Options
    Option Description
    -R List the ACLs of all files and directories recursively.
    <path> The path to the file or directory to list.

    Examples:

    hdfs dfs -getfacl /file
    hdfs dfs -getfacl -R /dir

    Exit Code:

    Returns 0 on success and non-zero on error.