Treat encrypted files as private. Contributed by Daniel Templeton.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f01a69f8 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f01a69f8 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f01a69f8 Branch: refs/heads/YARN-5972 Commit: f01a69f84f4cc7d925d078a7ce32e5800da4e429 Parents: 1441398 Author: Akira Ajisaka <aajis...@apache.org> Authored: Tue Mar 7 13:22:11 2017 +0900 Committer: Akira Ajisaka <aajis...@apache.org> Committed: Tue Mar 7 13:22:11 2017 +0900 ---------------------------------------------------------------------- .../filecache/ClientDistributedCacheManager.java | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/f01a69f8/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/filecache/ClientDistributedCacheManager.java ---------------------------------------------------------------------- diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/filecache/ClientDistributedCacheManager.java b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/filecache/ClientDistributedCacheManager.java index 73a0330..9f8edb5 100644 --- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/filecache/ClientDistributedCacheManager.java +++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapreduce/filecache/ClientDistributedCacheManager.java @@ -294,10 +294,21 @@ public class ClientDistributedCacheManager { FsAction action, Map<URI, FileStatus> statCache) throws IOException { FileStatus status = getFileStatus(fs, path.toUri(), statCache); FsPermission perms = status.getPermission(); - FsAction otherAction = perms.getOtherAction(); - if (otherAction.implies(action)) { - return true; + + // Encrypted files are always treated as private. This stance has two + // important side effects. The first is that the encrypted files will be + // downloaded as the job owner instead of the YARN user, which is required + // for the KMS ACLs to work as expected. Second, it prevent a file with + // world readable permissions that is stored in an encryption zone from + // being localized as a publicly shared file with world readable + // permissions. + if (!perms.getEncryptedBit()) { + FsAction otherAction = perms.getOtherAction(); + if (otherAction.implies(action)) { + return true; + } } + return false; } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org