You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by te...@apache.org on 2019/03/25 23:27:15 UTC
[hadoop] branch trunk updated: HDFS-14359. Inherited ACL
permissions masked when parent directory does not exist (mkdir -p)
(Contributed by Stephen O'Donnell via Daniel Templeton)
This is an automated email from the ASF dual-hosted git repository.
templedf pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new 3f6d6d2 HDFS-14359. Inherited ACL permissions masked when parent directory does not exist (mkdir -p) (Contributed by Stephen O'Donnell via Daniel Templeton)
3f6d6d2 is described below
commit 3f6d6d28119049b003cb81735ce675e52d0d2104
Author: Stephen O'Donnell <so...@cloudera.com>
AuthorDate: Mon Mar 25 16:16:13 2019 -0700
HDFS-14359. Inherited ACL permissions masked when parent directory does not exist (mkdir -p)
(Contributed by Stephen O'Donnell via Daniel Templeton)
Change-Id: Ia83f799a8f56aa8057a967b234f184683395fa41
---
.../hadoop/hdfs/server/namenode/FSDirMkdirOp.java | 18 +++--
.../hadoop/hdfs/server/namenode/FSAclBaseTest.java | 2 +-
.../testAclCLIWithPosixAclInheritance.xml | 77 ++++++++++++++++++++++
3 files changed, 92 insertions(+), 5 deletions(-)
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirMkdirOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirMkdirOp.java
index 2f0a0fc..95e8898 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirMkdirOp.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirMkdirOp.java
@@ -17,6 +17,7 @@
*/
package org.apache.hadoop.hdfs.server.namenode;
+import org.apache.hadoop.fs.permission.FsCreateModes;
import com.google.common.base.Preconditions;
import org.apache.hadoop.fs.FileAlreadyExistsException;
import org.apache.hadoop.fs.FileStatus;
@@ -187,10 +188,19 @@ class FSDirMkdirOp {
private static PermissionStatus addImplicitUwx(PermissionStatus parentPerm,
PermissionStatus perm) {
FsPermission p = parentPerm.getPermission();
- FsPermission ancestorPerm = new FsPermission(
- p.getUserAction().or(FsAction.WRITE_EXECUTE),
- p.getGroupAction(),
- p.getOtherAction());
+ FsPermission ancestorPerm;
+ if (p.getUnmasked() == null) {
+ ancestorPerm = new FsPermission(
+ p.getUserAction().or(FsAction.WRITE_EXECUTE),
+ p.getGroupAction(),
+ p.getOtherAction());
+ } else {
+ ancestorPerm = FsCreateModes.create(
+ new FsPermission(
+ p.getUserAction().or(FsAction.WRITE_EXECUTE),
+ p.getGroupAction(),
+ p.getOtherAction()), p.getUnmasked());
+ }
return new PermissionStatus(perm.getUserName(), perm.getGroupName(),
ancestorPerm);
}
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSAclBaseTest.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSAclBaseTest.java
index ee92217..fd50648 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSAclBaseTest.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/FSAclBaseTest.java
@@ -1150,7 +1150,7 @@ public abstract class FSAclBaseTest {
AclStatus s = fs.getAclStatus(dirPath);
AclEntry[] returned = s.getEntries().toArray(new AclEntry[0]);
assertArrayEquals(expected, returned);
- assertPermission(dirPath, (short)010750);
+ assertPermission(dirPath, (short)010770);
assertAclFeature(dirPath, true);
s = fs.getAclStatus(subdirPath);
returned = s.getEntries().toArray(new AclEntry[0]);
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/resources/testAclCLIWithPosixAclInheritance.xml b/hadoop-hdfs-project/hadoop-hdfs/src/test/resources/testAclCLIWithPosixAclInheritance.xml
index 7e9ace1..9ff71b8 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/resources/testAclCLIWithPosixAclInheritance.xml
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/resources/testAclCLIWithPosixAclInheritance.xml
@@ -741,6 +741,83 @@
</comparators>
</test>
<test>
+ <!-- Added to verify HDFS-14359 -->
+ <description>setfacl : check inherit default ACL to ancestor dir with mkdir -p</description>
+ <test-commands>
+ <command>-fs NAMENODE -mkdir /dir1</command>
+ <command>-fs NAMENODE -setfacl -m default:user:charlie:r-x,default:group:admin:rwx /dir1</command>
+ <command>-fs NAMENODE -mkdir -p /dir1/dir2/dir3</command>
+ <command>-fs NAMENODE -getfacl /dir1/dir2</command>
+ </test-commands>
+ <cleanup-commands>
+ <command>-fs NAMENODE -rm -R /dir1</command>
+ </cleanup-commands>
+ <comparators>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output># file: /dir1/dir2</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output># owner: USERNAME</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output># group: supergroup</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output>user::rwx</expected-output>
+ </comparator>
+ <comparator>
+ <!-- Ensure there is no #effective comment after the permissions, masking them -->
+ <type>RegexpComparator</type>
+ <expected-output>^user:charlie:r-x$</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output>group::r-x</expected-output>
+ </comparator>
+ <comparator>
+ <!-- Ensure there is no #effective comment after the permissions, masking them -->
+ <type>RegexpComparator</type>
+ <expected-output>^group:admin:rwx$</expected-output>
+ </comparator>
+ <comparator>
+ <type>RegexpComparator</type>
+ <expected-output>^mask::rwx$</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output>default:user::rwx</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output>default:user:charlie:r-x</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output>default:group::r-x</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output>default:group:admin:rwx</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output>default:mask::rwx</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output>default:other::r-x</expected-output>
+ </comparator>
+ <comparator>
+ <type>SubstringComparator</type>
+ <expected-output>other::r-x</expected-output>
+ </comparator>
+ </comparators>
+ </test>
+ <test>
<description>getfacl -R : recursive</description>
<test-commands>
<command>-fs NAMENODE -mkdir /dir1</command>
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org