use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.
the class TestFsPermission method testUMaskParser.
public void testUMaskParser() throws IOException {
Configuration conf = new Configuration();
// Ensure that we get the right octal values back for all legal values
for (FsAction u : FsAction.values()) {
for (FsAction g : FsAction.values()) {
for (FsAction o : FsAction.values()) {
FsPermission f = new FsPermission(u, g, o);
String asOctal = String.format("%1$03o", f.toShort());
conf.set(FsPermission.UMASK_LABEL, asOctal);
FsPermission fromConf = FsPermission.getUMask(conf);
assertEquals(f, fromConf);
}
}
}
}
use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.
the class TestFsPermission method testConvertingPermissions.
/**
* Ensure that when manually specifying permission modes we get
* the expected values back out for all combinations
*/
public void testConvertingPermissions() {
for (short s = 0; s <= 01777; s++) {
assertEquals(s, new FsPermission(s).toShort());
// check string formats
assertEquals(s, new FsPermission(String.format("%03o", s)).toShort());
}
short s = 0;
for (boolean sb : new boolean[] { false, true }) {
for (FsAction u : FsAction.values()) {
for (FsAction g : FsAction.values()) {
for (FsAction o : FsAction.values()) {
// Cover constructor with sticky bit.
FsPermission f = new FsPermission(u, g, o, sb);
assertEquals(s, f.toShort());
FsPermission f2 = new FsPermission(f);
assertEquals(s, f2.toShort());
s++;
}
}
}
}
assertEquals(02000, s);
}
use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.
the class FSPermissionChecker method hasPermission.
// return whether access is permitted. note it neither requires a path or
// throws so the caller can build the path only if required for an exception.
// very beneficial for subaccess checks!
private boolean hasPermission(INodeAttributes inode, FsAction access) {
if (inode == null) {
return true;
}
final FsPermission mode = inode.getFsPermission();
final AclFeature aclFeature = inode.getAclFeature();
if (aclFeature != null) {
// It's possible that the inode has a default ACL but no access ACL.
int firstEntry = aclFeature.getEntryAt(0);
if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
return hasAclPermission(inode, access, mode, aclFeature);
}
}
final FsAction checkAction;
if (getUser().equals(inode.getUserName())) {
//user class
checkAction = mode.getUserAction();
} else if (isMemberOfGroup(inode.getGroupName())) {
//group class
checkAction = mode.getGroupAction();
} else {
//other class
checkAction = mode.getOtherAction();
}
return checkAction.implies(access);
}
use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.
the class FSDirAclOp method unprotectedRemoveAcl.
private static void unprotectedRemoveAcl(FSDirectory fsd, INodesInPath iip) throws IOException {
assert fsd.hasWriteLock();
INode inode = FSDirectory.resolveLastINode(iip);
int snapshotId = iip.getLatestSnapshotId();
AclFeature f = inode.getAclFeature();
if (f == null) {
return;
}
FsPermission perm = inode.getFsPermission();
List<AclEntry> featureEntries = AclStorage.getEntriesFromAclFeature(f);
if (featureEntries.get(0).getScope() == AclEntryScope.ACCESS) {
// Restore group permissions from the feature's entry to permission
// bits, overwriting the mask, which is not part of a minimal ACL.
AclEntry groupEntryKey = new AclEntry.Builder().setScope(AclEntryScope.ACCESS).setType(AclEntryType.GROUP).build();
int groupEntryIndex = Collections.binarySearch(featureEntries, groupEntryKey, AclTransformation.ACL_ENTRY_COMPARATOR);
Preconditions.checkPositionIndex(groupEntryIndex, featureEntries.size(), "Invalid group entry index after binary-searching inode: " + inode.getFullPathName() + "(" + inode.getId() + ") " + "with featureEntries:" + featureEntries);
FsAction groupPerm = featureEntries.get(groupEntryIndex).getPermission();
FsPermission newPerm = new FsPermission(perm.getUserAction(), groupPerm, perm.getOtherAction(), perm.getStickyBit());
inode.setPermission(newPerm, snapshotId);
}
inode.removeAclFeature(snapshotId);
}
use of org.apache.hadoop.fs.permission.FsAction in project hadoop by apache.
the class ClientDistributedCacheManager method checkPermissionOfOther.
/**
* Checks for a given path whether the Other permissions on it
* imply the permission in the passed FsAction
* @param fs
* @param path
* @param action
* @return true if the path in the uri is visible to all, false otherwise
* @throws IOException
*/
private static boolean checkPermissionOfOther(FileSystem fs, Path path, FsAction action, Map<URI, FileStatus> statCache) throws IOException {
FileStatus status = getFileStatus(fs, path.toUri(), statCache);
FsPermission perms = status.getPermission();
// permissions.
if (!perms.getEncryptedBit()) {
FsAction otherAction = perms.getOtherAction();
if (otherAction.implies(action)) {
return true;
}
}
return false;
}
Aggregations