HDFS-14359. Inherited ACL permissions masked when parent directory does not exist (mkdir -p)
(Contributed by Stephen O'Donnell via Daniel Templeton) Change-Id: Ia83f799a8f56aa8057a967b234f184683395fa41
This commit is contained in:
parent
710cbc9bd6
commit
3f6d6d2811
|
@ -17,6 +17,7 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.hadoop.hdfs.server.namenode;
|
package org.apache.hadoop.hdfs.server.namenode;
|
||||||
|
|
||||||
|
import org.apache.hadoop.fs.permission.FsCreateModes;
|
||||||
import com.google.common.base.Preconditions;
|
import com.google.common.base.Preconditions;
|
||||||
import org.apache.hadoop.fs.FileAlreadyExistsException;
|
import org.apache.hadoop.fs.FileAlreadyExistsException;
|
||||||
import org.apache.hadoop.fs.FileStatus;
|
import org.apache.hadoop.fs.FileStatus;
|
||||||
|
@ -187,10 +188,19 @@ class FSDirMkdirOp {
|
||||||
private static PermissionStatus addImplicitUwx(PermissionStatus parentPerm,
|
private static PermissionStatus addImplicitUwx(PermissionStatus parentPerm,
|
||||||
PermissionStatus perm) {
|
PermissionStatus perm) {
|
||||||
FsPermission p = parentPerm.getPermission();
|
FsPermission p = parentPerm.getPermission();
|
||||||
FsPermission ancestorPerm = new FsPermission(
|
FsPermission ancestorPerm;
|
||||||
|
if (p.getUnmasked() == null) {
|
||||||
|
ancestorPerm = new FsPermission(
|
||||||
p.getUserAction().or(FsAction.WRITE_EXECUTE),
|
p.getUserAction().or(FsAction.WRITE_EXECUTE),
|
||||||
p.getGroupAction(),
|
p.getGroupAction(),
|
||||||
p.getOtherAction());
|
p.getOtherAction());
|
||||||
|
} else {
|
||||||
|
ancestorPerm = FsCreateModes.create(
|
||||||
|
new FsPermission(
|
||||||
|
p.getUserAction().or(FsAction.WRITE_EXECUTE),
|
||||||
|
p.getGroupAction(),
|
||||||
|
p.getOtherAction()), p.getUnmasked());
|
||||||
|
}
|
||||||
return new PermissionStatus(perm.getUserName(), perm.getGroupName(),
|
return new PermissionStatus(perm.getUserName(), perm.getGroupName(),
|
||||||
ancestorPerm);
|
ancestorPerm);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1150,7 +1150,7 @@ public abstract class FSAclBaseTest {
|
||||||
AclStatus s = fs.getAclStatus(dirPath);
|
AclStatus s = fs.getAclStatus(dirPath);
|
||||||
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
|
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
|
||||||
assertArrayEquals(expected, returned);
|
assertArrayEquals(expected, returned);
|
||||||
assertPermission(dirPath, (short)010750);
|
assertPermission(dirPath, (short)010770);
|
||||||
assertAclFeature(dirPath, true);
|
assertAclFeature(dirPath, true);
|
||||||
s = fs.getAclStatus(subdirPath);
|
s = fs.getAclStatus(subdirPath);
|
||||||
returned = s.getEntries().toArray(new AclEntry[0]);
|
returned = s.getEntries().toArray(new AclEntry[0]);
|
||||||
|
|
|
@ -740,6 +740,83 @@
|
||||||
</comparator>
|
</comparator>
|
||||||
</comparators>
|
</comparators>
|
||||||
</test>
|
</test>
|
||||||
|
<test>
|
||||||
|
<!-- Added to verify HDFS-14359 -->
|
||||||
|
<description>setfacl : check inherit default ACL to ancestor dir with mkdir -p</description>
|
||||||
|
<test-commands>
|
||||||
|
<command>-fs NAMENODE -mkdir /dir1</command>
|
||||||
|
<command>-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1</command>
|
||||||
|
<command>-fs NAMENODE -mkdir -p /dir1/dir2/dir3</command>
|
||||||
|
<command>-fs NAMENODE -getfacl /dir1/dir2</command>
|
||||||
|
</test-commands>
|
||||||
|
<cleanup-commands>
|
||||||
|
<command>-fs NAMENODE -rm -R /dir1</command>
|
||||||
|
</cleanup-commands>
|
||||||
|
<comparators>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output># file: /dir1/dir2</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output># owner: USERNAME</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output># group: supergroup</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output>user::rwx</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<!-- Ensure there is no #effective comment after the permissions, masking them -->
|
||||||
|
<type>RegexpComparator</type>
|
||||||
|
<expected-output>^user:charlie:r-x$</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output>group::r-x</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<!-- Ensure there is no #effective comment after the permissions, masking them -->
|
||||||
|
<type>RegexpComparator</type>
|
||||||
|
<expected-output>^group:admin:rwx$</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>RegexpComparator</type>
|
||||||
|
<expected-output>^mask::rwx$</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output>default:user::rwx</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output>default:user:charlie:r-x</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output>default:group::r-x</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output>default:group:admin:rwx</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output>default:mask::rwx</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output>default:other::r-x</expected-output>
|
||||||
|
</comparator>
|
||||||
|
<comparator>
|
||||||
|
<type>SubstringComparator</type>
|
||||||
|
<expected-output>other::r-x</expected-output>
|
||||||
|
</comparator>
|
||||||
|
</comparators>
|
||||||
|
</test>
|
||||||
<test>
|
<test>
|
||||||
<description>getfacl -R : recursive</description>
|
<description>getfacl -R : recursive</description>
|
||||||
<test-commands>
|
<test-commands>
|
||||||
|
|
Loading…
Reference in New Issue