zhouyingchao created HDFS-8649:
----------------------------------
Summary: Default ACL is not inherited if directory is generated by
FileSystem.create interface
Key: HDFS-8649
URL: https://issues.apache.org/jira/browse/HDFS-8649
Project: Hadoop HDFS
Issue Type: Bug
Reporter: zhouyingchao
Assignee: zhouyingchao
I have a directory /acltest/t, whose acl is as following:
{code}
# file: /acltest/t
# owner: hdfs_tst_admin
# group: supergroup
user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::rwx
{code}
My program create a file /acltest/t/a/b using the FileSystem.create interface.
The acl of directory /acltest/t/a is as following:
{code}
# file: /acltest/t/a
# owner: hdfs_tst_admin
# group: supergroup
user::rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::rwx
{code}
As you can see, the child directory "b" did not inherit its parent's default
acl for other.
By looking into the implementation, the FileSystem.create interface will
automatically create non-existing entries in the path, it is done by calling
FSNamesystem.mkdirsRecursively and hard-coded the third param
(inheritPermission) as true. In FSNamesystem.mkdirsRecursively, when
inheritPermission is true, the parent's real permission (rather than
calculation from default acl) would be used as the new directory's permission.
Is this behavior correct? The default acl is not worked as people expected. It
kind of render many access issues in our setup.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
