Treat encrypted files as private. Contributed by Daniel Templeton.

This commit is contained in:
Akira Ajisaka 2017-03-07 13:22:11 +09:00
parent 14413989ca
commit f01a69f84f
No known key found for this signature in database
GPG Key ID: C1EDBB9CA400FD50
1 changed files with 14 additions and 3 deletions

View File

@ -294,10 +294,21 @@ public class ClientDistributedCacheManager {
FsAction action, Map<URI, FileStatus> statCache) throws IOException {
FileStatus status = getFileStatus(fs, path.toUri(), statCache);
FsPermission perms = status.getPermission();
FsAction otherAction = perms.getOtherAction();
if (otherAction.implies(action)) {
return true;
// Encrypted files are always treated as private. This stance has two
// important side effects. The first is that the encrypted files will be
// downloaded as the job owner instead of the YARN user, which is required
// for the KMS ACLs to work as expected. Second, it prevent a file with
// world readable permissions that is stored in an encryption zone from
// being localized as a publicly shared file with world readable
// permissions.
if (!perms.getEncryptedBit()) {
FsAction otherAction = perms.getOtherAction();
if (otherAction.implies(action)) {
return true;
}
}
return false;
}