test
getfacl: basic permissions
-fs NAMENODE -touchz /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
group::r--
SubstringComparator
other::r--
getfacl: basic permissions for directory
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
group::r-x
SubstringComparator
other::r-x
setfacl : Add an ACL
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m user:bob:r-- /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
user:bob:r--
SubstringComparator
group::r--
SubstringComparator
mask::r--
SubstringComparator
other::r--
setfacl : Add multiple ACLs at once
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m user:bob:r--,group:users:r-x /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
user:bob:r--
SubstringComparator
group::r--
SubstringComparator
group:users:r-x
SubstringComparator
mask::r-x
SubstringComparator
other::r--
setfacl : Remove an ACL
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m user:bob:r--,user:charlie:r-x /file1
-fs NAMENODE -setfacl -x user:bob /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
user:charlie:r-x
SubstringComparator
group::r--
SubstringComparator
other::r--
RegexpAcrossOutputComparator
.*(?!bob)*
setfacl : Add default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:bob:r--,group:users:r-x /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
user:bob:r--
SubstringComparator
group::r-x
SubstringComparator
group:users:r-x
SubstringComparator
mask::r-x
SubstringComparator
other::r-x
SubstringComparator
default:user::rwx
SubstringComparator
default:user:charlie:r-x
SubstringComparator
default:group::r-x
SubstringComparator
default:group:admin:rwx
SubstringComparator
default:mask::rwx
SubstringComparator
default:other::r-x
setfacl : Add minimal default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m default:user::rwx /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
group::r-x
SubstringComparator
other::r-x
SubstringComparator
default:user::rwx
SubstringComparator
default:group::r-x
SubstringComparator
default:other::r-x
RegexpAcrossOutputComparator
.*(?!default\:mask)*
setfacl : try adding default ACL to file
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m default:user:charlie:r-x /file1
-fs NAMENODE -rm /file1
SubstringComparator
setfacl: Invalid ACL: only directories may have a default ACL
setfacl : Remove one default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:bob:r--,group:users:r-x /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -setfacl -x default:user:charlie /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
user:bob:r--
SubstringComparator
group::r-x
SubstringComparator
group:users:r-x
SubstringComparator
mask::r-x
SubstringComparator
other::r-x
SubstringComparator
default:user::rwx
SubstringComparator
default:group::r-x
SubstringComparator
default:group:admin:rwx
SubstringComparator
default:mask::rwx
SubstringComparator
default:other::r-x
RegexpAcrossOutputComparator
.*(?!default:user:charlie).*
setfacl : Remove all default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:bob:r--,group:users:r-x /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -setfacl -k /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
user:bob:r--
SubstringComparator
group::r-x
SubstringComparator
group:users:r-x
SubstringComparator
mask::r-x
SubstringComparator
other::r-x
RegexpAcrossOutputComparator
.*(?!default).*
setfacl : Remove all but base ACLs for a directory
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -setfacl -b /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
group::r-x
SubstringComparator
other::r-x
RegexpAcrossOutputComparator
.*(?!charlie).*
RegexpAcrossOutputComparator
.*(?!default).*
RegexpAcrossOutputComparator
.*(?!admin).*
setfacl : Remove all but base ACLs for a file
-fs NAMENODE -touchz /file1
-fs NAMENODE -setfacl -m user:charlie:r-x,group:admin:rwx /file1
-fs NAMENODE -setfacl -b /file1
-fs NAMENODE -getfacl /file1
-fs NAMENODE -rm /file1
SubstringComparator
# file: /file1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
group::r--
SubstringComparator
other::r--
RegexpAcrossOutputComparator
.*(?!charlie).*
RegexpAcrossOutputComparator
.*(?!admin).*
setfacl : check inherit default ACL to file
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -touchz /dir1/file
-fs NAMENODE -getfacl /dir1/file
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1/file
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rw-
SubstringComparator
user:charlie:r-x
SubstringComparator
group::r-x
SubstringComparator
group:admin:rwx
SubstringComparator
mask::r--
SubstringComparator
other::r--
RegexpAcrossOutputComparator
.*(?!default).*
setfacl : check inherit default ACL to dir
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1
-fs NAMENODE -mkdir /dir1/dir2
-fs NAMENODE -getfacl /dir1/dir2
-fs NAMENODE -rm -R /dir1
ExactLineComparator
# file: /dir1/dir2
ExactLineComparator
# owner: USERNAME
ExactLineComparator
# group: supergroup
ExactLineComparator
user::rwx
ExactLineComparator
user:charlie:r-x
ExactLineComparator
group::r-x
RegexpComparator
^group:admin:rwx\b.*
ExactLineComparator
mask::r-x
ExactLineComparator
default:user::rwx
ExactLineComparator
default:user:charlie:r-x
ExactLineComparator
default:group::r-x
ExactLineComparator
default:group:admin:rwx
ExactLineComparator
default:mask::rwx
ExactLineComparator
default:other::r-x
ExactLineComparator
other::r-x
getfacl -R : recursive
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:r-x,group:admin:rwx /dir1
-fs NAMENODE -mkdir /dir1/dir2
-fs NAMENODE -setfacl -m user:user1:r-x,group:users:rwx /dir1/dir2
-fs NAMENODE -getfacl -R /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:r-x#LF#group::r-x#LF#group:admin:rwx#LF#mask::rwx#LF#other::r-x#LF##LF## file: /dir1/dir2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:user1:r-x#LF#group::r-x#LF#group:users:rwx#LF#mask::rwx#LF#other::r-x#LF##LF#
setfacl -R : recursive
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -mkdir /dir1/dir2
-fs NAMENODE -setfacl -R -m user:charlie:r-x,group:admin:rwx /dir1
-fs NAMENODE -getfacl -R /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:r-x#LF#group::r-x#LF#group:admin:rwx#LF#mask::rwx#LF#other::r-x#LF##LF## file: /dir1/dir2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:r-x#LF#group::r-x#LF#group:admin:rwx#LF#mask::rwx#LF#other::r-x#LF##LF#
setfacl --set : Set full set of ACLs
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:r-x,group:admin:rwx /dir1
-fs NAMENODE -setfacl --set user::rw-,group::r--,other::r--,user:user1:r-x,group:users:rw- /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rw-#LF#user:user1:r-x#LF#group::r--#LF#group:users:rw-#LF#mask::rwx#LF#other::r--#LF##LF#
setfacl -x mask : remove mask entry along with other ACL entries
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:r-x,group:admin:rwx /dir1
-fs NAMENODE -setfacl -x mask::,user:charlie,group:admin /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#group::r-x#LF#other::r-x#LF##LF#
getfacl: only default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m default:user:charlie:rwx /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
SubstringComparator
group::r-x
SubstringComparator
other::r-x
SubstringComparator
default:user::rwx
SubstringComparator
default:user:charlie:rwx
SubstringComparator
default:group::r-x
SubstringComparator
default:mask::rwx
SubstringComparator
default:other::r-x
getfacl: effective permissions
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m user:charlie:rwx,group::-wx,group:sales:rwx,mask::r-x,default:user:charlie:rwx,default:group::r-x,default:group:sales:rwx,default:mask::rw- /dir1
-fs NAMENODE -getfacl /dir1
-fs NAMENODE -rm -R /dir1
SubstringComparator
# file: /dir1
SubstringComparator
# owner: USERNAME
SubstringComparator
# group: supergroup
SubstringComparator
user::rwx
RegexpComparator
^user:charlie:rwx\t#effective:r-x$
RegexpComparator
^group::-wx\t#effective:--x$
RegexpComparator
^group:sales:rwx\t#effective:r-x$
SubstringComparator
mask::r-x
SubstringComparator
other::r-x
SubstringComparator
default:user::rwx
RegexpComparator
^default:user:charlie:rwx\t#effective:rw-$
RegexpComparator
^default:group::r-x\t#effective:r--$
RegexpComparator
^default:group:sales:rwx\t#effective:rw-$
SubstringComparator
default:mask::rw-
SubstringComparator
default:other::r-x
ls: display extended acl marker
-fs NAMENODE -mkdir -p /dir1/dir2
-fs NAMENODE -setfacl -m user:charlie:rwx,group::-wx,group:sales:rwx,mask::r-x,default:user:charlie:rwx,default:group::r-x,default:group:sales:rwx,default:mask::rw- /dir1/dir2
-fs NAMENODE -ls /dir1
-fs NAMENODE -rm -R /dir1
RegexpComparator
^drwxr-xr-x\+( )*-( )*USERNAME( )*supergroup( )*0( )*[0-9]{4,}-[0-9]{2,}-[0-9]{2,} [0-9]{2,}:[0-9]{2,}( )*/dir1/dir2
setfacl: recursive modify entries with mix of files and directories
-fs NAMENODE -mkdir -p /dir1
-fs NAMENODE -touchz /dir1/file1
-fs NAMENODE -mkdir -p /dir1/dir2
-fs NAMENODE -touchz /dir1/dir2/file2
-fs NAMENODE -setfacl -R -m user:charlie:rwx,default:user:charlie:r-x /dir1
-fs NAMENODE -getfacl -R /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:rwx#LF#group::r-x#LF#mask::rwx#LF#other::r-x#LF#default:user::rwx#LF#default:user:charlie:r-x#LF#default:group::r-x#LF#default:mask::r-x#LF#default:other::r-x#LF##LF## file: /dir1/dir2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:rwx#LF#group::r-x#LF#mask::rwx#LF#other::r-x#LF#default:user::rwx#LF#default:user:charlie:r-x#LF#default:group::r-x#LF#default:mask::r-x#LF#default:other::r-x#LF##LF## file: /dir1/dir2/file2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rw-#LF#user:charlie:rwx#LF#group::r--#LF#mask::rwx#LF#other::r--#LF##LF## file: /dir1/file1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rw-#LF#user:charlie:rwx#LF#group::r--#LF#mask::rwx#LF#other::r--#LF##LF#
setfacl: recursive remove entries with mix of files and directories
-fs NAMENODE -mkdir -p /dir1
-fs NAMENODE -touchz /dir1/file1
-fs NAMENODE -mkdir -p /dir1/dir2
-fs NAMENODE -touchz /dir1/dir2/file2
-fs NAMENODE -setfacl -R -m user:bob:rwx,user:charlie:rwx,default:user:bob:rwx,default:user:charlie:r-x /dir1
-fs NAMENODE -setfacl -R -x user:bob,default:user:bob /dir1
-fs NAMENODE -getfacl -R /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:rwx#LF#group::r-x#LF#mask::rwx#LF#other::r-x#LF#default:user::rwx#LF#default:user:charlie:r-x#LF#default:group::r-x#LF#default:mask::r-x#LF#default:other::r-x#LF##LF## file: /dir1/dir2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:rwx#LF#group::r-x#LF#mask::rwx#LF#other::r-x#LF#default:user::rwx#LF#default:user:charlie:r-x#LF#default:group::r-x#LF#default:mask::r-x#LF#default:other::r-x#LF##LF## file: /dir1/dir2/file2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rw-#LF#user:charlie:rwx#LF#group::r--#LF#mask::rwx#LF#other::r--#LF##LF## file: /dir1/file1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rw-#LF#user:charlie:rwx#LF#group::r--#LF#mask::rwx#LF#other::r--#LF##LF#
setfacl: recursive set with mix of files and directories
-fs NAMENODE -mkdir -p /dir1
-fs NAMENODE -touchz /dir1/file1
-fs NAMENODE -mkdir -p /dir1/dir2
-fs NAMENODE -touchz /dir1/dir2/file2
-fs NAMENODE -setfacl -R --set user::rwx,user:charlie:rwx,group::r-x,other::r-x,default:user:charlie:r-x /dir1
-fs NAMENODE -getfacl -R /dir1
-fs NAMENODE -rm -R /dir1
ExactComparator
# file: /dir1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:rwx#LF#group::r-x#LF#mask::rwx#LF#other::r-x#LF#default:user::rwx#LF#default:user:charlie:r-x#LF#default:group::r-x#LF#default:mask::r-x#LF#default:other::r-x#LF##LF## file: /dir1/dir2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:rwx#LF#group::r-x#LF#mask::rwx#LF#other::r-x#LF#default:user::rwx#LF#default:user:charlie:r-x#LF#default:group::r-x#LF#default:mask::r-x#LF#default:other::r-x#LF##LF## file: /dir1/dir2/file2#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:rwx#LF#group::r-x#LF#mask::rwx#LF#other::r-x#LF##LF## file: /dir1/file1#LF## owner: USERNAME#LF## group: supergroup#LF#user::rwx#LF#user:charlie:rwx#LF#group::r-x#LF#mask::rwx#LF#other::r-x#LF##LF#
copyFromLocal: copying file into a directory with a default ACL
-fs NAMENODE -mkdir /dir1
-fs NAMENODE -setfacl -m default:user:charlie:rwx /dir1
-fs NAMENODE -copyFromLocal CLITEST_DATA/data1k /dir1/data1k
-fs NAMENODE -getfacl /dir1/data1k
-fs NAMENODE -rm -R /dir1
RegexpComparator
^# file: /dir1/data1k$
RegexpComparator
^# owner: USERNAME$
RegexpComparator
^# group: supergroup$
RegexpComparator
^user::rw-$
RegexpComparator
^user:charlie:rwx\t#effective:r--$
RegexpComparator
^group::r-x\t#effective:r--$
RegexpComparator
^mask::r--$
RegexpComparator
^other::r--$
RegexpAcrossOutputComparator
.*(?!default).*