From 1b525a9c32fabd8919c80717a58afbfa7fdce27e Mon Sep 17 00:00:00 2001 From: cnauroth Date: Wed, 21 Oct 2015 16:39:02 -0700 Subject: [PATCH] HDFS-9273. ACLs on root directory may be lost after NN restart. Contributed by Xiao Chen. --- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 ++ .../server/namenode/FSImageFormatPBINode.java | 4 +++ .../server/namenode/TestFSImageWithAcl.java | 29 +++++++++++++++++++ 3 files changed, 36 insertions(+) diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index 4565f8a337..949dc804d1 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -2107,6 +2107,9 @@ Release 2.8.0 - UNRELEASED HDFS-9274. Default value of dfs.datanode.directoryscan.throttle.limit.ms.per.sec should be consistent. (Yi Liu via zhz) + HDFS-9273. ACLs on root directory may be lost after NN restart. + (Xiao Chen via cnauroth) + Release 2.7.2 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSImageFormatPBINode.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSImageFormatPBINode.java index 34b28e4ba0..cf7895bfbd 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSImageFormatPBINode.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSImageFormatPBINode.java @@ -418,6 +418,10 @@ private void loadRootINode(INodeSection.INode p) { } dir.rootDir.cloneModificationTime(root); dir.rootDir.clonePermissionStatus(root); + final AclFeature af = root.getFeature(AclFeature.class); + if (af != null) { + dir.rootDir.addAclFeature(af); + } // root dir supports having extended attributes according to POSIX final XAttrFeature f = root.getXAttrFeature(); if (f != null) { diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSImageWithAcl.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSImageWithAcl.java index bd88478357..690fec6aae 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSImageWithAcl.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSImageWithAcl.java @@ -206,6 +206,35 @@ public void testEditLogDefaultAclNewChildren() throws IOException { doTestDefaultAclNewChildren(false); } + @Test + public void testRootACLAfterLoadingFsImage() throws IOException { + DistributedFileSystem fs = cluster.getFileSystem(); + Path rootdir = new Path("/"); + AclEntry e1 = new AclEntry.Builder().setName("foo") + .setPermission(ALL).setScope(ACCESS).setType(GROUP).build(); + AclEntry e2 = new AclEntry.Builder().setName("bar") + .setPermission(READ).setScope(ACCESS).setType(GROUP).build(); + fs.modifyAclEntries(rootdir, Lists.newArrayList(e1, e2)); + + AclStatus s = cluster.getNamesystem().getAclStatus(rootdir.toString()); + AclEntry[] returned = + Lists.newArrayList(s.getEntries()).toArray(new AclEntry[0]); + Assert.assertArrayEquals( + new AclEntry[] { aclEntry(ACCESS, GROUP, READ_EXECUTE), + aclEntry(ACCESS, GROUP, "bar", READ), + aclEntry(ACCESS, GROUP, "foo", ALL) }, returned); + + // restart - hence save and load from fsimage + restart(fs, true); + + s = cluster.getNamesystem().getAclStatus(rootdir.toString()); + returned = Lists.newArrayList(s.getEntries()).toArray(new AclEntry[0]); + Assert.assertArrayEquals( + new AclEntry[] { aclEntry(ACCESS, GROUP, READ_EXECUTE), + aclEntry(ACCESS, GROUP, "bar", READ), + aclEntry(ACCESS, GROUP, "foo", ALL) }, returned); + } + /** * Restart the NameNode, optionally saving a new checkpoint. *