dgadiraju/cdh-admin-acls-01-files.sh

## cdh-admin-acls-01-files.sh
hdfs dfs -touchz /user/cloudera/aclsfile.txt
#Create some test data in local file and append to aclsfile.txt as cloudera
#somedata contains output of hadoop fs -help
hadoop fs -help > somedata
hadoop fs -appendToFile somedata /user/cloudera/aclsfiledemo.txt
hadoop fs -setfacl -m user:itversity:rw- /user/cloudera/aclsfiledemo.txt
hadoop fs -getfacl /user/cloudera/aclsfiledemo.txt

#Now as itversity, you should be able to append data to aclsfiledemo.txt
hadoop fs -help > somedata
hadoop fs -appendToFile somedata /user/cloudera/aclsfiledemo.txt

## cdh-admin-acls-02-directories.sh

#Now let us see on a directory
hadoop fs -mkdir /user/cloudera/aclsdemo
hadoop fs -chmod 757 /user/cloudera/aclsdemo
#Any user on the system will be able to write to /user/cloudera/aclsdemo

#Using acls we can restrict write access to itversity but not demo
#First change the permssions back to 755
hadoop fs -chmod 755 /user/cloudera/aclsdemo
hadoop fs -setfacl -m user:itversity:rwx /user/cloudera/aclsdemo
#Now user itversity should be able to copy files into the directory
#but not other users like demo

#We can give access to demo as well and check the acl details
hadoop fs -setfacl -m user:demo:rwx /user/cloudera/aclsdemo
hadoop fs -getfacl /user/cloudera/aclsdemo

#Default ACL
hadoop fs -setfacl -m default:other::--- /user/cloudera/aclsdemo
hadoop fs -getfacl /user/cloudera/aclsdemo

#We can use --set to override ACLs
hadoop fs -setfacl --set \
  user::rw-,user:itversity:rw-,user:demo:rw-,group::r--,other::r-- \
  /user/cloudera/aclsdemo.txt

hadoop fs -getfacl /user/cloudera/aclsdemo.txt

## cdh-admin-acls-03-remove-acls.sh
#Access from a particular user or group can be removed using -x
hadoop fs -setfacl -x user:demo /user/cloudera/aclsdemo
hadoop fs -getfacl /user/cloudera/aclsdemo

#Using -b we can remove all ACLs that are added
hadoop fs -setfacl -b /user/cloudera/aclsdemo
hadoop fs -getfacl /user/cloudera/aclsdemo

#Remove Default ACL
hadoop fs -setfacl -k /user/cloudera/aclsdemo
hadoop fs -getfacl /user/cloudera/aclsdemo
	hdfs dfs -touchz /user/cloudera/aclsfile.txt
	#Create some test data in local file and append to aclsfile.txt as cloudera
	#somedata contains output of hadoop fs -help
	hadoop fs -help > somedata
	hadoop fs -appendToFile somedata /user/cloudera/aclsfiledemo.txt
	hadoop fs -setfacl -m user:itversity:rw- /user/cloudera/aclsfiledemo.txt
	hadoop fs -getfacl /user/cloudera/aclsfiledemo.txt

	#Now as itversity, you should be able to append data to aclsfiledemo.txt
	hadoop fs -help > somedata
	hadoop fs -appendToFile somedata /user/cloudera/aclsfiledemo.txt

	#Now let us see on a directory
	hadoop fs -mkdir /user/cloudera/aclsdemo
	hadoop fs -chmod 757 /user/cloudera/aclsdemo
	#Any user on the system will be able to write to /user/cloudera/aclsdemo

	#Using acls we can restrict write access to itversity but not demo
	#First change the permssions back to 755
	hadoop fs -chmod 755 /user/cloudera/aclsdemo
	hadoop fs -setfacl -m user:itversity:rwx /user/cloudera/aclsdemo
	#Now user itversity should be able to copy files into the directory
	#but not other users like demo

	#We can give access to demo as well and check the acl details
	hadoop fs -setfacl -m user:demo:rwx /user/cloudera/aclsdemo
	hadoop fs -getfacl /user/cloudera/aclsdemo

	#Default ACL
	hadoop fs -setfacl -m default:other::--- /user/cloudera/aclsdemo
	hadoop fs -getfacl /user/cloudera/aclsdemo

	#We can use --set to override ACLs
	hadoop fs -setfacl --set \
	user::rw-,user:itversity:rw-,user:demo:rw-,group::r--,other::r-- \
	/user/cloudera/aclsdemo.txt

	hadoop fs -getfacl /user/cloudera/aclsdemo.txt