Search in sources :

Example 1 with FsAction

use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.

the class TestFsPermission method testUMaskParser.

public void testUMaskParser() throws IOException {
    Configuration conf = new Configuration();
    // Ensure that we get the right octal values back for all legal values
    for (FsAction u : FsAction.values()) {
        for (FsAction g : FsAction.values()) {
            for (FsAction o : FsAction.values()) {
                FsPermission f = new FsPermission(u, g, o);
                String asOctal = String.format("%1$03o", f.toShort());
                conf.set(FsPermission.UMASK_LABEL, asOctal);
                FsPermission fromConf = FsPermission.getUMask(conf);
                assertEquals(f, fromConf);
            }
        }
    }
}
Also used : FsAction(org.apache.hadoop.fs.permission.FsAction) Configuration(org.apache.hadoop.conf.Configuration)

Example 2 with FsAction

use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.

the class TestFsPermission method testConvertingPermissions.

/**
   * Ensure that when manually specifying permission modes we get
   * the expected values back out for all combinations
   */
public void testConvertingPermissions() {
    for (short s = 0; s <= 01777; s++) {
        assertEquals(s, new FsPermission(s).toShort());
        // check string formats
        assertEquals(s, new FsPermission(String.format("%03o", s)).toShort());
    }
    short s = 0;
    for (boolean sb : new boolean[] { false, true }) {
        for (FsAction u : FsAction.values()) {
            for (FsAction g : FsAction.values()) {
                for (FsAction o : FsAction.values()) {
                    // Cover constructor with sticky bit.
                    FsPermission f = new FsPermission(u, g, o, sb);
                    assertEquals(s, f.toShort());
                    FsPermission f2 = new FsPermission(f);
                    assertEquals(s, f2.toShort());
                    s++;
                }
            }
        }
    }
    assertEquals(02000, s);
}
Also used : FsAction(org.apache.hadoop.fs.permission.FsAction)

Example 3 with FsAction

use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.

the class FSPermissionChecker method hasPermission.

// return whether access is permitted.  note it neither requires a path or
// throws so the caller can build the path only if required for an exception.
// very beneficial for subaccess checks!
private boolean hasPermission(INodeAttributes inode, FsAction access) {
    if (inode == null) {
        return true;
    }
    final FsPermission mode = inode.getFsPermission();
    final AclFeature aclFeature = inode.getAclFeature();
    if (aclFeature != null) {
        // It's possible that the inode has a default ACL but no access ACL.
        int firstEntry = aclFeature.getEntryAt(0);
        if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
            return hasAclPermission(inode, access, mode, aclFeature);
        }
    }
    final FsAction checkAction;
    if (getUser().equals(inode.getUserName())) {
        //user class
        checkAction = mode.getUserAction();
    } else if (isMemberOfGroup(inode.getGroupName())) {
        //group class
        checkAction = mode.getGroupAction();
    } else {
        //other class
        checkAction = mode.getOtherAction();
    }
    return checkAction.implies(access);
}
Also used : FsAction(org.apache.hadoop.fs.permission.FsAction) FsPermission(org.apache.hadoop.fs.permission.FsPermission)

Example 4 with FsAction

use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.

the class FSDirAclOp method unprotectedRemoveAcl.

private static void unprotectedRemoveAcl(FSDirectory fsd, INodesInPath iip) throws IOException {
    assert fsd.hasWriteLock();
    INode inode = FSDirectory.resolveLastINode(iip);
    int snapshotId = iip.getLatestSnapshotId();
    AclFeature f = inode.getAclFeature();
    if (f == null) {
        return;
    }
    FsPermission perm = inode.getFsPermission();
    List<AclEntry> featureEntries = AclStorage.getEntriesFromAclFeature(f);
    if (featureEntries.get(0).getScope() == AclEntryScope.ACCESS) {
        // Restore group permissions from the feature's entry to permission
        // bits, overwriting the mask, which is not part of a minimal ACL.
        AclEntry groupEntryKey = new AclEntry.Builder().setScope(AclEntryScope.ACCESS).setType(AclEntryType.GROUP).build();
        int groupEntryIndex = Collections.binarySearch(featureEntries, groupEntryKey, AclTransformation.ACL_ENTRY_COMPARATOR);
        Preconditions.checkPositionIndex(groupEntryIndex, featureEntries.size(), "Invalid group entry index after binary-searching inode: " + inode.getFullPathName() + "(" + inode.getId() + ") " + "with featureEntries:" + featureEntries);
        FsAction groupPerm = featureEntries.get(groupEntryIndex).getPermission();
        FsPermission newPerm = new FsPermission(perm.getUserAction(), groupPerm, perm.getOtherAction(), perm.getStickyBit());
        inode.setPermission(newPerm, snapshotId);
    }
    inode.removeAclFeature(snapshotId);
}
Also used : FsAction(org.apache.hadoop.fs.permission.FsAction) AclEntry(org.apache.hadoop.fs.permission.AclEntry) FsPermission(org.apache.hadoop.fs.permission.FsPermission)

Example 5 with FsAction

use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.

the class ClientDistributedCacheManager method checkPermissionOfOther.

/**
   * Checks for a given path whether the Other permissions on it 
   * imply the permission in the passed FsAction
   * @param fs
   * @param path
   * @param action
   * @return true if the path in the uri is visible to all, false otherwise
   * @throws IOException
   */
private static boolean checkPermissionOfOther(FileSystem fs, Path path, FsAction action, Map<URI, FileStatus> statCache) throws IOException {
    FileStatus status = getFileStatus(fs, path.toUri(), statCache);
    FsPermission perms = status.getPermission();
    // permissions.
    if (!perms.getEncryptedBit()) {
        FsAction otherAction = perms.getOtherAction();
        if (otherAction.implies(action)) {
            return true;
        }
    }
    return false;
}
Also used : FsAction(org.apache.hadoop.fs.permission.FsAction) FileStatus(org.apache.hadoop.fs.FileStatus) FsPermission(org.apache.hadoop.fs.permission.FsPermission)

Aggregations

FsAction (org.apache.hadoop.fs.permission.FsAction)16 FsPermission (org.apache.hadoop.fs.permission.FsPermission)8 FileStatus (org.apache.hadoop.fs.FileStatus)4 AclEntry (org.apache.hadoop.fs.permission.AclEntry)3 AclEntryType (org.apache.hadoop.fs.permission.AclEntryType)2 AccessControlException (java.security.AccessControlException)1 Configuration (org.apache.hadoop.conf.Configuration)1 AclEntryScope (org.apache.hadoop.fs.permission.AclEntryScope)1 ScopedAclEntries (org.apache.hadoop.fs.permission.ScopedAclEntries)1 AclException (org.apache.hadoop.hdfs.protocol.AclException)1