Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HDFS-11957. Enable POSIX ACL inheritance by default. Contributed by John Zhuge.

This commit is contained in:
John Zhuge 2017-06-09 08:42:16 -07:00
parent a8b75466b2
commit 312e57b954
6 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java
View File

@ -269,7 +269,7 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
public static final String DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_KEY =
"dfs.namenode.posix.acl.inheritance.enabled";
public static final boolean
DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_DEFAULT = false;
DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_DEFAULT = true;
public static final String DFS_NAMENODE_XATTRS_ENABLED_KEY = "dfs.namenode.xattrs.enabled";
public static final boolean DFS_NAMENODE_XATTRS_ENABLED_DEFAULT = true;
public static final String DFS_ADMIN = "dfs.cluster.administrators";

2
hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml
View File

@ -459,7 +459,7 @@
<property>
<name>dfs.namenode.posix.acl.inheritance.enabled</name>
<value>false</value>
<value>true</value>
<description>
Set to true to enable POSIX style ACL inheritance. When it is enabled
and the create request comes from a compatible client, the NameNode

2
hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/HdfsPermissionsGuide.md
View File

@ -322,7 +322,7 @@ Configuration Parameters
* `dfs.namenode.posix.acl.inheritance.enabled`
Set to true to enable POSIX style ACL inheritance. Disabled by default.
Set to true to enable POSIX style ACL inheritance. Enabled by default.
When it is enabled and the create request comes from a compatible client,
the NameNode will apply default ACLs from the parent directory to
the create mode and ignore the client umask. If no default ACL is found,

2
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/cli/TestAclCLI.java
View File

@ -34,6 +34,8 @@ public class TestAclCLI extends CLITestHelperDFS {
protected void initConf() {
conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true);
conf.setBoolean(
DFSConfigKeys.DFS_NAMENODE_POSIX_ACL_INHERITANCE_ENABLED_KEY, false);
}
@Before

8
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSAclBaseTest.java
View File

@ -903,7 +903,7 @@ public abstract class FSAclBaseTest {
assertArrayEquals(new AclEntry[] {
aclEntry(ACCESS, USER, "foo", ALL),
aclEntry(ACCESS, GROUP, READ_EXECUTE) }, returned);
assertPermission(filePath, (short)010640);
assertPermission(filePath, (short)010660);
assertAclFeature(filePath, true);
}
@ -1003,7 +1003,7 @@ public abstract class FSAclBaseTest {
aclEntry(DEFAULT, GROUP, READ_EXECUTE),
aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, NONE) }, returned);
assertPermission(dirPath, (short)010750);
assertPermission(dirPath, (short)010770);
assertAclFeature(dirPath, true);
}
@ -1120,7 +1120,7 @@ public abstract class FSAclBaseTest {
s = fs.getAclStatus(filePath);
returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned);
assertPermission(filePath, (short)010640);
assertPermission(filePath, (short)010660);
assertAclFeature(filePath, true);
}
@ -1149,7 +1149,7 @@ public abstract class FSAclBaseTest {
s = fs.getAclStatus(subdirPath);
returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned);
assertPermission(subdirPath, (short)010750);
assertPermission(subdirPath, (short)010770);
assertAclFeature(subdirPath, true);
}

14
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSImageWithAcl.java
View File

@ -138,13 +138,15 @@ public class TestFSImageWithAcl {
aclEntry(DEFAULT, MASK, ALL),
aclEntry(DEFAULT, OTHER, READ_EXECUTE) };
short permExpected = (short)010775;
AclEntry[] fileReturned = fs.getAclStatus(filePath).getEntries()
.toArray(new AclEntry[0]);
Assert.assertArrayEquals(fileExpected, fileReturned);
AclEntry[] subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755);
assertPermission(fs, subdirPath, permExpected);
restart(fs, persistNamespace);
@ -154,7 +156,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755);
assertPermission(fs, subdirPath, permExpected);
aclSpec = Lists.newArrayList(aclEntry(DEFAULT, USER, "foo", READ_WRITE));
fs.modifyAclEntries(dirPath, aclSpec);
@ -165,7 +167,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755);
assertPermission(fs, subdirPath, permExpected);
restart(fs, persistNamespace);
@ -175,7 +177,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755);
assertPermission(fs, subdirPath, permExpected);
fs.removeAcl(dirPath);
@ -185,7 +187,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755);
assertPermission(fs, subdirPath, permExpected);
restart(fs, persistNamespace);
@ -195,7 +197,7 @@ public class TestFSImageWithAcl {
subdirReturned = fs.getAclStatus(subdirPath).getEntries()
.toArray(new AclEntry[0]);
Assert.assertArrayEquals(subdirExpected, subdirReturned);
assertPermission(fs, subdirPath, (short)010755);
assertPermission(fs, subdirPath, permExpected);
}
@Test