test
getfacl: basic permissions
-fs NAMENODE -touchz /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
group::r--
SubstringComparator
other::r--
getfacl: basic permissions for directory
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
group::r-x
SubstringComparator
other::r-x
setfacl : Add an ACL
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m user:bob:r-- /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
user:bob:r--
SubstringComparator
group::r--
SubstringComparator
mask::r--
SubstringComparator
other::r--
setfacl : Add multiple ACLs at once
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m user:bob:r--,group:users:r-x /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
user:bob:r--
SubstringComparator
group::r--
SubstringComparator
group:users:r-x
SubstringComparator
mask::r-x
SubstringComparator
other::r--
setfacl : Remove an ACL
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m user:bob:r--,user:charlie:r-x /file1
-fs NAMENODE -setfacl -x user:bob /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
user:charlie:r-x
SubstringComparator
group::r--
SubstringComparator
other::r--
RegexpAcrossOutputComparator
.*(?!bob)*
setfacl : Add default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:bob:r--,group:users:r-x /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
user:bob:r--
SubstringComparator
group::r-x
SubstringComparator
group:users:r-x
SubstringComparator
mask::r-x
SubstringComparator
other::r-x
SubstringComparator
default:user::rwx
SubstringComparator
default:user:charlie:r-x
SubstringComparator
default:group::r-x
SubstringComparator
default:group:admin:rwx
SubstringComparator
default:mask::rwx
SubstringComparator
default:other::r-x
setfacl : try adding default ACL to file
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m default:user:charlie:r-x /file1
-fs NAMENODE -rm /file1
SubstringComparator
setfacl: Invalid ACL: only directories may have a default ACL
setfacl : Remove one default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:bob:r--,group:users:r-x /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -setfacl -x default:user:charlie /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
user:bob:r--
SubstringComparator
group::r-x
SubstringComparator
group:users:r-x
SubstringComparator
mask::r-x
SubstringComparator
other::r-x
SubstringComparator
default:user::rwx
SubstringComparator
default:group::r-x
SubstringComparator
default:group:admin:rwx
SubstringComparator
default:mask::rwx
SubstringComparator
default:other::r-x
RegexpAcrossOutputComparator
.*(?!default:user:charlie).*
setfacl : Remove all default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:bob:r--,group:users:r-x /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -setfacl -k /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
user:bob:r--
SubstringComparator
group::r-x
SubstringComparator
group:users:r-x
SubstringComparator
mask::r-x
SubstringComparator
other::r-x
RegexpAcrossOutputComparator
.*(?!default).*
setfacl : Remove all but base ACLs for a directory
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -setfacl -b /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
group::r-x
SubstringComparator
other::r-x
RegexpAcrossOutputComparator
.*(?!charlie).*
RegexpAcrossOutputComparator
.*(?!default).*
RegexpAcrossOutputComparator
.*(?!admin).*
setfacl : Remove all but base ACLs for a file
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m user:charlie:r-x,group:admin:rwx /file1
-fs NAMENODE -setfacl -b /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
group::r--
SubstringComparator
other::r--
RegexpAcrossOutputComparator
.*(?!charlie).*
RegexpAcrossOutputComparator
.*(?!admin).*
setfacl : check inherit default ACL to file
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -touchz /dir1/file
-fs NAMENODE -getfacl /dir1/file
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1/file
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
user:charlie:r-x
SubstringComparator
group::r--
SubstringComparator
group:admin:rwx
SubstringComparator
other::r--
RegexpAcrossOutputComparator
.*(?!default).*
setfacl : check inherit default ACL to dir
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -mkdir /dir1/dir2
-fs NAMENODE -getfacl /dir1/dir2
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1/dir2
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
user:charlie:r-x
SubstringComparator
group::r-x
SubstringComparator
group:admin:rwx
SubstringComparator
mask::rwx
SubstringComparator
default:user::rwx
SubstringComparator
default:user:charlie:r-x
SubstringComparator
default:group::r-x
SubstringComparator
default:group:admin:rwx
SubstringComparator
default:mask::rwx
SubstringComparator
default:other::r-x
SubstringComparator
other::r-x
getfacl -R : recursive
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:r-x,group:admin:rwx /dir1
-fs NAMENODE -mkdir /dir1/dir2
-fs NAMENODE -setfacl -m user:user1:r-x,group:users:rwx /dir1/dir2
-fs NAMENODE -getfacl -R /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:r-x#LF#group::r-x#LF#group:admin:rwx#LF#mask::rwx#LF#other::r-x#LF##LF## file: /dir1/dir2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:user1:r-x#LF#group::r-x#LF#group:users:rwx#LF#mask::rwx#LF#other::r-x#LF##LF#
setfacl -R : recursive
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -mkdir /dir1/dir2
-fs NAMENODE -setfacl -R -m user:charlie:r-x,group:admin:rwx /dir1
-fs NAMENODE -getfacl -R /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:r-x#LF#group::r-x#LF#group:admin:rwx#LF#mask::rwx#LF#other::r-x#LF##LF## file: /dir1/dir2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:r-x#LF#group::r-x#LF#group:admin:rwx#LF#mask::rwx#LF#other::r-x#LF##LF#
setfacl --set : Set full set of ACLs
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:r-x,group:admin:rwx /dir1
-fs NAMENODE -setfacl --set user::rw-,group::r--,other::r--,user:user1:r-x,group:users:rw- /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rw-#LF#user:user1:r-x#LF#group::r--#LF#group:users:rw-#LF#mask::rwx#LF#other::r--#LF##LF#
setfacl -x mask : remove mask entry along with other ACL entries
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:r-x,group:admin:rwx /dir1
-fs NAMENODE -setfacl -x mask::,user:charlie,group:admin /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#group::r-x#LF#other::r-x#LF##LF#
getfacl: only default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m default:user:charlie:rwx /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
group::r-x
SubstringComparator
other::r-x
SubstringComparator
default:user::rwx
SubstringComparator
default:user:charlie:rwx
SubstringComparator
default:group::r-x
SubstringComparator
default:mask::rwx
SubstringComparator
default:other::r-x
getfacl: effective permissions
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:rwx,group::-wx,group:sales:rwx,mask::r-x,default:user:charlie:rwx,default:group::r-x,default:group:sales:rwx,default:mask::rw- /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
RegexpComparator
^user:charlie:rwx\s+#effective:r-x$
RegexpComparator
^group::-wx\s+#effective:--x$
RegexpComparator
^group:sales:rwx\s+#effective:r-x$
SubstringComparator
mask::r-x
SubstringComparator
other::r-x
SubstringComparator
default:user::rwx
RegexpComparator
^default:user:charlie:rwx\s+#effective:rw-$
RegexpComparator
^default:group::r-x\s+#effective:r--$
RegexpComparator
^default:group:sales:rwx\s+#effective:rw-$
SubstringComparator
default:mask::rw-
SubstringComparator
default:other::r-x
ls: display extended acl marker
-fs NAMENODE -mkdir -p /dir1/dir2
-fs NAMENODE -setfacl -m user:charlie:rwx,group::-wx,group:sales:rwx,mask::r-x,default:user:charlie:rwx,default:group::r-x,default:group:sales:rwx,default:mask::rw- /dir1/dir2
-fs NAMENODE -ls /dir1
-fs NAMENODE -rm -R /dir1
TokenComparator
Found 1 items
RegexpComparator
^drwxr-xr-x\+( )*-( )*[a-zA-z0-9]*( )*supergroup( )*0( )*[0-9]{4,}-[0-9]{2,}-[0-9]{2,} [0-9]{2,}:[0-9]{2,}( )*/dir1/dir2