In addition to configuring a bucket ACL, the root directory entry should be created and secured immediately after bucket creation.
This procedure should be performed as the bucket owner, which is
hdfs in this example.
Set the mode bits in the root directory object ACL so that only the bucket owner and the default group have access to the bucket. The
other group, which includes all ECS HDFS client users, is not allowed access the root directory, and therefore it is not allowed access to any files in the bucket.