Using CLI commands to create and list ACLs

You can use the sub-commands setfacl and getfacl to create and list ACLs on HDFS.These commands are modeled after the same Linux shell commands.

setfacl

Sets ACLs for files and directories.

Example:

-setfacl [-bkR] {-m|-x} <acl_spec> <path>

-setfacl --set <acl_spec> <path>

Options:

Table 1. ACL Options
Option	Description
`-b`	Remove all entries, but retain the base ACL entries. The entries for User, Group, and Others are retained for compatibility with Permission Bits.
`-k`	Remove the default ACL.
`-R`	Apply operations to all files and directories recursively.
`-m`	Modify the ACL. New entries are added to the ACL, and existing entries are retained.
`-x`	Remove the specified ACL entries. All other ACL entries are retained.
`--set`	Fully replace the ACL and discard all existing entries. The acl_spec must include entries for User, Group, and Others for compatibility with Permission Bits.
`<acl_spec>`	A comma-separated list of ACL entries.
`<path>`	The path to the file or directory to modify.

Examples:

hdfs dfs -setfacl -m user:hadoop:rw- /file
hdfs dfs -setfacl -x user:hadoop /file
hdfs dfs -setfacl -b /file
hdfs dfs -setfacl -k /dir
hdfs dfs -setfacl --set user::rw-,user:hadoop:rw-,group::r--,other::r-- /file
hdfs dfs -setfacl -R -m user:hadoop:r-x /dir
hdfs dfs -setfacl -m default:user:hadoop:r-x /dir

Exit Code:

Returns 0 on success and non-zero on error.

getfacl

Displays the ACLs of files and directories. If a directory has a default ACL, getfacl also displays the default ACL.

Usage:

 -getfacl [-R] <path>

Options:

Table 2. getfacl Options
Option	Description
`-R`	List the ACLs of all files and directories recursively.
`<path>`	The path to the file or directory to list.

Examples:

hdfs dfs -getfacl /file
hdfs dfs -getfacl -R /dir

Exit Code:

Returns 0 on success and non-zero on error.