From e9b6b81de44ff5fb9f833cfc32c69b644eb46bad Mon Sep 17 00:00:00 2001 From: Ayush Saxena Date: Tue, 13 Aug 2019 19:17:10 +0530 Subject: [PATCH] HDFS-13505. Turn on HDFS ACLs by default. Contributed by Siyao Meng. --- .../src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java | 2 +- .../hadoop-hdfs/src/main/resources/hdfs-default.xml | 4 ++-- .../hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md | 2 +- .../hadoop/hdfs/server/namenode/TestAclConfigFlag.java | 5 +---- 4 files changed, 5 insertions(+), 8 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java index 32db6a5589..15f5a417cb 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java @@ -299,7 +299,7 @@ public class DFSConfigKeys extends CommonConfigurationKeys { HdfsClientConfigKeys.DeprecatedKeys.DFS_PERMISSIONS_SUPERUSERGROUP_KEY; public static final String DFS_PERMISSIONS_SUPERUSERGROUP_DEFAULT = "supergroup"; public static final String DFS_NAMENODE_ACLS_ENABLED_KEY = "dfs.namenode.acls.enabled"; - public static final boolean DFS_NAMENODE_ACLS_ENABLED_DEFAULT = false; + public static final boolean DFS_NAMENODE_ACLS_ENABLED_DEFAULT = true; public static final String DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_KEY = "dfs.namenode.posix.acl.inheritance.enabled"; public static final boolean diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml b/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml index 2f7a4ad3a9..8b57fde2e5 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml @@ -510,10 +510,10 @@ dfs.namenode.acls.enabled - false + true Set to true to enable support for HDFS ACLs (Access Control Lists). By - default, ACLs are disabled. When ACLs are disabled, the NameNode rejects + default, ACLs are enabled. When ACLs are disabled, the NameNode rejects all RPCs related to setting or getting ACLs. diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md index a4a3b7d5cb..3c284c98f3 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md +++ b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md @@ -319,7 +319,7 @@ Configuration Parameters * `dfs.namenode.acls.enabled = true` Set to true to enable support for HDFS ACLs (Access Control Lists). By - default, ACLs are disabled. When ACLs are disabled, the NameNode rejects + default, ACLs are enabled. When ACLs are disabled, the NameNode rejects all attempts to set an ACL. * `dfs.namenode.posix.acl.inheritance.enabled` diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAclConfigFlag.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAclConfigFlag.java index 36539e59c9..33f9081c66 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAclConfigFlag.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAclConfigFlag.java @@ -160,10 +160,7 @@ private void expectException() { private void initCluster(boolean format, boolean aclsEnabled) throws Exception { Configuration conf = new Configuration(); - // not explicitly setting to false, should be false by default - if (aclsEnabled) { - conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true); - } + conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, aclsEnabled); cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).format(format) .build(); cluster.waitActive();