static boolean canOpen(FileSystem fs, Path p) throws IOException { try { fs.open(p); return true; } catch (AccessControlException e) { return false; } }
static boolean canRename(FileSystem fs, Path src, Path dst) throws IOException { try { fs.rename(src, dst); return true; } catch (AccessControlException e) { return false; } }
static FsPermission checkPermission(FileSystem fs, String path, FsPermission expected) throws IOException { FileStatus s = fs.getFileStatus(new Path(path)); LOG.info( s.getPath() + ": " + s.isDirectory() + " " + s.getPermission() + ":" + s.getOwner() + ":" + s.getGroup()); if (expected != null) { assertEquals(expected, s.getPermission()); assertEquals(expected.toShort(), s.getPermission().toShort()); } return s.getPermission(); }
public void testCreate() throws Exception { Configuration conf = new HdfsConfiguration(); conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true); conf.set(FsPermission.UMASK_LABEL, "000"); MiniDFSCluster cluster = null; FileSystem fs = null; try { cluster = new MiniDFSCluster.Builder(conf).numDataNodes(3).build(); cluster.waitActive(); fs = FileSystem.get(conf); FsPermission rootPerm = checkPermission(fs, "/", null); FsPermission inheritPerm = FsPermission.createImmutable((short) (rootPerm.toShort() | 0300)); FsPermission dirPerm = new FsPermission((short) 0777); fs.mkdirs(new Path("/a1/a2/a3"), dirPerm); checkPermission(fs, "/a1", dirPerm); checkPermission(fs, "/a1/a2", dirPerm); checkPermission(fs, "/a1/a2/a3", dirPerm); dirPerm = new FsPermission((short) 0123); FsPermission permission = FsPermission.createImmutable((short) (dirPerm.toShort() | 0300)); fs.mkdirs(new Path("/aa/1/aa/2/aa/3"), dirPerm); checkPermission(fs, "/aa/1", permission); checkPermission(fs, "/aa/1/aa/2", permission); checkPermission(fs, "/aa/1/aa/2/aa/3", dirPerm); FsPermission filePerm = new FsPermission((short) 0444); FSDataOutputStream out = fs.create( new Path("/b1/b2/b3.txt"), filePerm, true, conf.getInt(CommonConfigurationKeys.IO_FILE_BUFFER_SIZE_KEY, 4096), fs.getDefaultReplication(), fs.getDefaultBlockSize(), null); out.write(123); out.close(); checkPermission(fs, "/b1", inheritPerm); checkPermission(fs, "/b1/b2", inheritPerm); checkPermission(fs, "/b1/b2/b3.txt", filePerm); conf.set(FsPermission.UMASK_LABEL, "022"); permission = FsPermission.createImmutable((short) 0666); FileSystem.mkdirs(fs, new Path("/c1"), new FsPermission(permission)); FileSystem.create(fs, new Path("/c1/c2.txt"), new FsPermission(permission)); checkPermission(fs, "/c1", permission); checkPermission(fs, "/c1/c2.txt", permission); } finally { try { if (fs != null) fs.close(); } catch (Exception e) { LOG.error(StringUtils.stringifyException(e)); } try { if (cluster != null) cluster.shutdown(); } catch (Exception e) { LOG.error(StringUtils.stringifyException(e)); } } }
public void testFilePermision() throws Exception { final Configuration conf = new HdfsConfiguration(); conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true); MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(3).build(); cluster.waitActive(); try { FileSystem nnfs = FileSystem.get(conf); // test permissions on files that do not exist assertFalse(nnfs.exists(CHILD_FILE1)); try { nnfs.setOwner(CHILD_FILE1, "foo", "bar"); assertTrue(false); } catch (java.io.FileNotFoundException e) { LOG.info("GOOD: got " + e); } try { nnfs.setPermission(CHILD_FILE1, new FsPermission((short) 0777)); assertTrue(false); } catch (java.io.FileNotFoundException e) { LOG.info("GOOD: got " + e); } // following dir/file creations are legal nnfs.mkdirs(CHILD_DIR1); FSDataOutputStream out = nnfs.create(CHILD_FILE1); byte data[] = new byte[FILE_LEN]; RAN.nextBytes(data); out.write(data); out.close(); nnfs.setPermission(CHILD_FILE1, new FsPermission("700")); // following read is legal byte dataIn[] = new byte[FILE_LEN]; FSDataInputStream fin = nnfs.open(CHILD_FILE1); int bytesRead = fin.read(dataIn); assertTrue(bytesRead == FILE_LEN); for (int i = 0; i < FILE_LEN; i++) { assertEquals(data[i], dataIn[i]); } //////////////////////////////////////////////////////////////// // test illegal file/dir creation UserGroupInformation userGroupInfo = UserGroupInformation.createUserForTesting(USER_NAME, GROUP_NAMES); FileSystem userfs = DFSTestUtil.getFileSystemAs(userGroupInfo, conf); // make sure mkdir of a existing directory that is not owned by // this user does not throw an exception. userfs.mkdirs(CHILD_DIR1); // illegal mkdir assertTrue(!canMkdirs(userfs, CHILD_DIR2)); // illegal file creation assertTrue(!canCreate(userfs, CHILD_FILE2)); // illegal file open assertTrue(!canOpen(userfs, CHILD_FILE1)); nnfs.setPermission(ROOT_PATH, new FsPermission((short) 0755)); nnfs.setPermission(CHILD_DIR1, new FsPermission("777")); nnfs.setPermission(new Path("/"), new FsPermission((short) 0777)); final Path RENAME_PATH = new Path("/foo/bar"); userfs.mkdirs(RENAME_PATH); assertTrue(canRename(userfs, RENAME_PATH, CHILD_DIR1)); } finally { cluster.shutdown(); } }