Treat encrypted files as private. Contributed by Daniel Templeton.

(cherry picked from commit f01a69f84f)
(cherry picked from commit 120f680318)
This commit is contained in:
Akira Ajisaka 2017-03-07 13:22:11 +09:00
parent 39b483e065
commit a47d8283b1
No known key found for this signature in database
GPG Key ID: C1EDBB9CA400FD50
1 changed files with 14 additions and 3 deletions

View File

@ -274,10 +274,21 @@ public class ClientDistributedCacheManager {
FsAction action, Map<URI, FileStatus> statCache) throws IOException {
FileStatus status = getFileStatus(fs, path.toUri(), statCache);
FsPermission perms = status.getPermission();
FsAction otherAction = perms.getOtherAction();
if (otherAction.implies(action)) {
return true;
// Encrypted files are always treated as private. This stance has two
// important side effects. The first is that the encrypted files will be
// downloaded as the job owner instead of the YARN user, which is required
// for the KMS ACLs to work as expected. Second, it prevent a file with
// world readable permissions that is stored in an encryption zone from
// being localized as a publicly shared file with world readable
// permissions.
if (!perms.getEncryptedBit()) {
FsAction otherAction = perms.getOtherAction();
if (otherAction.implies(action)) {
return true;
}
}
return false;
}