Treat encrypted files as private. Contributed by Daniel Templeton.
This commit is contained in:
parent
14413989ca
commit
f01a69f84f
@ -294,10 +294,21 @@ private static boolean checkPermissionOfOther(FileSystem fs, Path path,
|
||||
FsAction action, Map<URI, FileStatus> statCache) throws IOException {
|
||||
FileStatus status = getFileStatus(fs, path.toUri(), statCache);
|
||||
FsPermission perms = status.getPermission();
|
||||
|
||||
// Encrypted files are always treated as private. This stance has two
|
||||
// important side effects. The first is that the encrypted files will be
|
||||
// downloaded as the job owner instead of the YARN user, which is required
|
||||
// for the KMS ACLs to work as expected. Second, it prevent a file with
|
||||
// world readable permissions that is stored in an encryption zone from
|
||||
// being localized as a publicly shared file with world readable
|
||||
// permissions.
|
||||
if (!perms.getEncryptedBit()) {
|
||||
FsAction otherAction = perms.getOtherAction();
|
||||
if (otherAction.implies(action)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user