Using CLI Commands to Create and List ACLs
Two new sub-commands are added to FsShell: setfacl and getfacl. These commands are modeled after the same Linux shell commands, but fewer flags are
implemented. Support for additional flags may be added later if required.
setfacl
Sets ACLs for files and directories.
Example:
-setfacl [-bkR] {-m|-x} <acl_spec> <path>-setfacl --set <acl_spec> <path>
Options:
Table 6.1. ACL Options
Option Description -bRemove all entries, but retain the base ACL entries. The entries for User, Group, and Others are retained for compatbility with Permission Bits. -kRemove the default ACL. -RApply operations to all files and directories recursively. -mModify the ACL. New entires are added to the ACL, and existing entries are retained. -xRemove the specified ACL entires. All other ACL entries are retained. --setFully replace the ACL and discard all existing entries. The acl_spec must include entries for User, Group, and Others for compatibility with Permission Bits. <acl_spec>A comma-separated list of ACL entries. <path>The path to the file or directory to modify. Examples:
hdfs dfs -setfacl -m user:hadoop:rw- /file hdfs dfs -setfacl -x user:hadoop /file hdfs dfs -setfacl -b /file hdfs dfs -setfacl -k /dir hdfs dfs -setfacl --set user::rw-,user:hadoop:rw-,group::r--,other::r-- /file hdfs dfs -setfacl -R -m user:hadoop:r-x /dir hdfs dfs -setfacl -m default:user:hadoop:r-x /dir
Exit Code:
Returns 0 on success and non-zero on error.
getfacl
Displays the ACLs of files and directories. If a directory has a default ACL,
getfaclalso displays the default ACL.Usage:
-getfacl [-R] <path>
Options:
Table 6.2. getfacl Options
Option Description -RList the ACLs of all files and directories recursively. <path>The path to the file or directory to list. Examples:
hdfs dfs -getfacl /file hdfs dfs -getfacl -R /dir
Exit Code:
Returns 0 on success and non-zero on error.