HDFS-11957. Enable POSIX ACL inheritance by default. Contributed by John Zhuge.

John Zhuge 2017-06-09 08:42:16 -07:00
parent a8b75466b2
commit 312e57b954
6 changed files with 17 additions and 13 deletions


@ -269,7 +269,7 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
public static final String DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_KEY = public static final String DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_KEY =
"dfs.namenode.posix.acl.inheritance.enabled"; "dfs.namenode.posix.acl.inheritance.enabled";
public static final boolean public static final boolean
DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_DEFAULT = false; DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_DEFAULT = true;
public static final String DFS_NAMENODE_XATTRS_ENABLED_KEY = "dfs.namenode.xattrs.enabled"; public static final String DFS_NAMENODE_XATTRS_ENABLED_KEY = "dfs.namenode.xattrs.enabled";
public static final boolean DFS_NAMENODE_XATTRS_ENABLED_DEFAULT = true; public static final boolean DFS_NAMENODE_XATTRS_ENABLED_DEFAULT = true;
public static final String DFS_ADMIN = "dfs.cluster.administrators"; public static final String DFS_ADMIN = "dfs.cluster.administrators";
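Review bot: Flipping `DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_DEFAULT` to `true` changes the effective permissions of new files and directories created under a parent with a default ACL on every cluster that never set the key, and nothing at the constant says so. The test expectations later in this commit move from `010640` to `010660` and from `010750` to `010770`, so group-class bits that the client umask used to strip are now granted. I would add a comment above the constant, e.g. `// Default true since HDFS-11957: the parent's default ACL is applied and the client umask is ignored; set to false to keep umask-based modes.`, and flag the change as incompatible in the release notes so operators can audit directories carrying default ACLs before upgrading. The matching `<value>true</value>` in the XML defaults file deserves the same sentence in its `<description>`, which continues outside that hunk.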


@ -459,7 +459,7 @@
<property> <property>
<name>dfs.namenode.posix.acl.inheritance.enabled</name> <name>dfs.namenode.posix.acl.inheritance.enabled</name>
<value>false</value> <value>true</value>
<description> <description>
Set to true to enable POSIX style ACL inheritance. When it is enabled Set to true to enable POSIX style ACL inheritance. When it is enabled
and the create request comes from a compatible client, the NameNode and the create request comes from a compatible client, the NameNode


@ -322,7 +322,7 @@ Configuration Parameters
* `dfs.namenode.posix.acl.inheritance.enabled` * `dfs.namenode.posix.acl.inheritance.enabled`
Set to true to enable POSIX style ACL inheritance. Disabled by default. Set to true to enable POSIX style ACL inheritance. Enabled by default.
When it is enabled and the create request comes from a compatible client, When it is enabled and the create request comes from a compatible client,
the NameNode will apply default ACLs from the parent directory to the NameNode will apply default ACLs from the parent directory to
the create mode and ignore the client umask. If no default ACL is found, the create mode and ignore the client umask. If no default ACL is found,


@ -34,6 +34,8 @@ public class TestAclCLI extends CLITestHelperDFS {
protected void initConf() { protected void initConf() {
conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true); conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true);
conf.setBoolean(
DFSConfigKeys.DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_KEY, false);
} }
@Before @Before
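Review bot: `initConf()` now forces `DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_KEY` to `false` without saying why, so the ACL CLI tests keep exercising the old umask-based mode and the new default gets no CLI-level coverage from this class. A short comment would stop a later cleanup from deleting the override, for example `// Expected CLI output was written for umask-based modes; keep POSIX ACL inheritance off here.` — presumably that is the reason, and it is worth confirming against the CLI test data. If it is, a follow-up that runs the same commands with inheritance enabled would cover the configuration most clusters will now run. The class body continues outside the hunk.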


@ -903,7 +903,7 @@ public void testDefaultAclNewFile() throws Exception {
assertArrayEquals(new AclEntry[] { assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", ALL), aclEntry(ACCESS, USER, "foo", ALL),
aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned); aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned);
assertPermission(filePath, (short)010640); assertPermission(filePath, (short)010660);
assertAclFeature(filePath, true); assertAclFeature(filePath, true);
} }
@ -1003,7 +1003,7 @@ public void testDefaultAclNewDir() throws Exception {
aclEntry(DEFAULT, GROUP, READ_EXECUTE), aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, ALL), aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, NONE) }, returned); aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission(dirPath, (short)010750); assertPermission(dirPath, (short)010770);
assertAclFeature(dirPath, true); assertAclFeature(dirPath, true);
} }
@ -1120,7 +1120,7 @@ public void testDefaultAclNewFileIntermediate() throws Exception {
s = fs.getAclStatus(filePath); s = fs.getAclStatus(filePath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission(filePath, (short)010640); assertPermission(filePath, (short)010660);
assertAclFeature(filePath, true); assertAclFeature(filePath, true);
} }
@ -1149,7 +1149,7 @@ public void testDefaultAclNewDirIntermediate() throws Exception {
s = fs.getAclStatus(subdirPath); s = fs.getAclStatus(subdirPath);
returned = s.getEntries().toArray(new AclEntry[0]); returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned); assertArrayEquals(expected, returned);
assertPermission(subdirPath, (short)010750); assertPermission(subdirPath, (short)010770);
assertAclFeature(subdirPath, true); assertAclFeature(subdirPath, true);
} }
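Review bot: The four updated assertions (`testDefaultAclNewFile`, `testDefaultAclNewDir` and the two `Intermediate` variants) replace one bare octal literal with another, and a reader cannot tell from `(short)010660` or `(short)010770` why the group-class bits widened. A one-line comment at each, such as `// POSIX ACL inheritance on: mode comes from the parent's default ACL, client umask is not applied`, would tie the value to the behaviour under test. These tests now only describe the inheritance-enabled path. Unless another test in the suite sets the key to `false`, the umask-based expectations (`010640`, `010750`) are no longer asserted in this file, and a variant that pins them would keep the opt-out path from regressing unnoticed. All four method bodies start outside their hunks.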


@ -138,13 +138,15 @@ private void doTestDefaultAclNewChildren(boolean persistNamespace)
aclEntry(DEFAULT, MASK, ALL), aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, READ_EXECUTE) }; aclEntry(DEFAULT, OTHER, READ_EXECUTE) };
short permExpected = (short)010775;
AclEntry[] fileReturned = fs.getAclStatus(filePath).getEntries() AclEntry[] fileReturned = fs.getAclStatus(filePath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(fileExpected, fileReturned); Assert.assertArrayEquals(fileExpected, fileReturned);
AclEntry[] subdirReturned = fs.getAclStatus(subdirPath).getEntries() AclEntry[] subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755); assertPermission(fs, subdirPath, permExpected);
restart(fs, persistNamespace); restart(fs, persistNamespace);
@ -154,7 +156,7 @@ private void doTestDefaultAclNewChildren(boolean persistNamespace)
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755); assertPermission(fs, subdirPath, permExpected);
aclSpec = Lists.newArrayList(aclEntry(DEFAULT, USER, "foo", READ_WRITE)); aclSpec = Lists.newArrayList(aclEntry(DEFAULT, USER, "foo", READ_WRITE));
fs.modifyAclEntries(dirPath, aclSpec); fs.modifyAclEntries(dirPath, aclSpec);
@ -165,7 +167,7 @@ private void doTestDefaultAclNewChildren(boolean persistNamespace)
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755); assertPermission(fs, subdirPath, permExpected);
restart(fs, persistNamespace); restart(fs, persistNamespace);
@ -175,7 +177,7 @@ private void doTestDefaultAclNewChildren(boolean persistNamespace)
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755); assertPermission(fs, subdirPath, permExpected);
fs.removeAcl(dirPath); fs.removeAcl(dirPath);
@ -185,7 +187,7 @@ private void doTestDefaultAclNewChildren(boolean persistNamespace)
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755); assertPermission(fs, subdirPath, permExpected);
restart(fs, persistNamespace); restart(fs, persistNamespace);
@ -195,7 +197,7 @@ private void doTestDefaultAclNewChildren(boolean persistNamespace)
subdirReturned = fs.getAclStatus(subdirPath).getEntries() subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]); .toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned); Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755); assertPermission(fs, subdirPath, permExpected);
} }
@Test @Test
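Review bot: `short permExpected = (short)010775;` removes the six repeated literals, but the value is still unexplained and the local is not `final`. I would write `final short permExpected = (short)010775; // default ACL has MASK=ALL and OTHER=r-x; umask is ignored with POSIX ACL inheritance` so the expectation can be checked against the `aclEntry(DEFAULT, MASK, ALL)` and `aclEntry(DEFAULT, OTHER, READ_EXECUTE)` entries just above it. `doTestDefaultAclNewChildren` starts before the first hunk, so how the default ACL and the create mode are set up cannot be confirmed from here.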