diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt
index 560eb5e9ad..743873ea74 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES-fs-encryption.txt
@@ -78,3 +78,6 @@ fs-encryption (Unreleased)
 
     HDFS-6733. Creating encryption zone results in NPE when
     KeyProvider is null. (clamb)
+
+    HDFS-6785. Should not be able to create encryption zone using path
+    to a non-directory file. (clamb)
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.java
index 7b1331d149..a083ea3a87 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.java
@@ -213,6 +213,11 @@ public class EncryptionZoneManager {
     }
 
     final INodesInPath srcIIP = dir.getINodesInPath4Write(src, false);
+    if (srcIIP != null &&
+        srcIIP.getLastINode() != null &&
+        !srcIIP.getLastINode().isDirectory()) {
+      throw new IOException("Attempt to create an encryption zone for a file.");
+    }
     EncryptionZoneInt ezi = getEncryptionZoneForPath(srcIIP);
     if (ezi != null) {
       throw new IOException("Directory " + src + " is already in an " +
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
index c0551f2896..78f8d8ef3a 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestEncryptionZones.java
@@ -227,6 +227,14 @@ public class TestEncryptionZones {
       assertExceptionContains("create an encryption zone", e);
     }
 
+    /* Test failure of create EZ on a file. */
+    try {
+      dfsAdmin.createEncryptionZone(notEmptyChild, TEST_KEY);
+      fail("Created EZ on a file");
+    } catch (IOException e) {
+      assertExceptionContains("create an encryption zone for a file.", e);
+    }
+
     /* Test failure of creating an EZ passing a key that doesn't exist. */
     final Path zone2 = new Path("/zone2");
     fsWrapper.mkdir(zone2, FsPermission.getDirDefault(), false);