Treat encrypted files as private. Contributed by Daniel Templeton.

This commit is contained in:
Akira Ajisaka 2017-03-07 13:22:11 +09:00
parent 14413989ca
commit f01a69f84f
No known key found for this signature in database
GPG Key ID: C1EDBB9CA400FD50

View File

@ -294,10 +294,21 @@ private static boolean checkPermissionOfOther(FileSystem fs, Path path,
FsAction action, Map<URI, FileStatus> statCache) throws IOException {
FileStatus status = getFileStatus(fs, path.toUri(), statCache);
FsPermission perms = status.getPermission();
FsAction otherAction = perms.getOtherAction();
if (otherAction.implies(action)) {
return true;
// Encrypted files are always treated as private. This stance has two
// important side effects. The first is that the encrypted files will be
// downloaded as the job owner instead of the YARN user, which is required
// for the KMS ACLs to work as expected. Second, it prevent a file with
// world readable permissions that is stored in an encryption zone from
// being localized as a publicly shared file with world readable
// permissions.
if (!perms.getEncryptedBit()) {
FsAction otherAction = perms.getOtherAction();
if (otherAction.implies(action)) {
return true;
}
}
return false;
}