HDFS-14359. Inherited ACL permissions masked when parent directory does not exist (mkdir -p)
(Contributed by Stephen O'Donnell via Daniel Templeton) Change-Id: Ia83f799a8f56aa8057a967b234f184683395fa41
This commit is contained in:
parent
710cbc9bd6
commit
3f6d6d2811
@ -17,6 +17,7 @@
|
||||
*/
|
||||
package org.apache.hadoop.hdfs.server.namenode;
|
||||
|
||||
import org.apache.hadoop.fs.permission.FsCreateModes;
|
||||
import com.google.common.base.Preconditions;
|
||||
import org.apache.hadoop.fs.FileAlreadyExistsException;
|
||||
import org.apache.hadoop.fs.FileStatus;
|
||||
@ -187,10 +188,19 @@ private static INodesInPath createSingleDirectory(FSDirectory fsd,
|
||||
private static PermissionStatus addImplicitUwx(PermissionStatus parentPerm,
|
||||
PermissionStatus perm) {
|
||||
FsPermission p = parentPerm.getPermission();
|
||||
FsPermission ancestorPerm = new FsPermission(
|
||||
p.getUserAction().or(FsAction.WRITE_EXECUTE),
|
||||
p.getGroupAction(),
|
||||
p.getOtherAction());
|
||||
FsPermission ancestorPerm;
|
||||
if (p.getUnmasked() == null) {
|
||||
ancestorPerm = new FsPermission(
|
||||
p.getUserAction().or(FsAction.WRITE_EXECUTE),
|
||||
p.getGroupAction(),
|
||||
p.getOtherAction());
|
||||
} else {
|
||||
ancestorPerm = FsCreateModes.create(
|
||||
new FsPermission(
|
||||
p.getUserAction().or(FsAction.WRITE_EXECUTE),
|
||||
p.getGroupAction(),
|
||||
p.getOtherAction()), p.getUnmasked());
|
||||
}
|
||||
return new PermissionStatus(perm.getUserName(), perm.getGroupName(),
|
||||
ancestorPerm);
|
||||
}
|
||||
|
@ -1150,7 +1150,7 @@ public void testDefaultAclNewDirIntermediate() throws Exception {
|
||||
AclStatus s = fs.getAclStatus(dirPath);
|
||||
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
|
||||
assertArrayEquals(expected, returned);
|
||||
assertPermission(dirPath, (short)010750);
|
||||
assertPermission(dirPath, (short)010770);
|
||||
assertAclFeature(dirPath, true);
|
||||
s = fs.getAclStatus(subdirPath);
|
||||
returned = s.getEntries().toArray(new AclEntry[0]);
|
||||
|
@ -740,6 +740,83 @@
|
||||
</comparator>
|
||||
</comparators>
|
||||
</test>
|
||||
<test>
|
||||
<!-- Added to verify HDFS-14359 -->
|
||||
<description>setfacl : check inherit default ACL to ancestor dir with mkdir -p</description>
|
||||
<test-commands>
|
||||
<command>-fs NAMENODE -mkdir /dir1</command>
|
||||
<command>-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1</command>
|
||||
<command>-fs NAMENODE -mkdir -p /dir1/dir2/dir3</command>
|
||||
<command>-fs NAMENODE -getfacl /dir1/dir2</command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<command>-fs NAMENODE -rm -R /dir1</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output># file: /dir1/dir2</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output># owner: USERNAME</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output># group: supergroup</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>user::rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<!-- Ensure there is no #effective comment after the permissions, masking them -->
|
||||
<type>RegexpComparator</type>
|
||||
<expected-output>^user:charlie:r-x$</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>group::r-x</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<!-- Ensure there is no #effective comment after the permissions, masking them -->
|
||||
<type>RegexpComparator</type>
|
||||
<expected-output>^group:admin:rwx$</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>RegexpComparator</type>
|
||||
<expected-output>^mask::rwx$</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:user::rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:user:charlie:r-x</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:group::r-x</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:group:admin:rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:mask::rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:other::r-x</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>other::r-x</expected-output>
|
||||
</comparator>
|
||||
</comparators>
|
||||
</test>
|
||||
<test>
|
||||
<description>getfacl -R : recursive</description>
|
||||
<test-commands>
|
||||
|
Loading…
Reference in New Issue
Block a user