コード例 #1
0
 static boolean canOpen(FileSystem fs, Path p) throws IOException {
   try {
     fs.open(p);
     return true;
   } catch (AccessControlException e) {
     return false;
   }
 }
コード例 #2
0
 static boolean canRename(FileSystem fs, Path src, Path dst) throws IOException {
   try {
     fs.rename(src, dst);
     return true;
   } catch (AccessControlException e) {
     return false;
   }
 }
コード例 #3
0
 static FsPermission checkPermission(FileSystem fs, String path, FsPermission expected)
     throws IOException {
   FileStatus s = fs.getFileStatus(new Path(path));
   LOG.info(
       s.getPath()
           + ": "
           + s.isDirectory()
           + " "
           + s.getPermission()
           + ":"
           + s.getOwner()
           + ":"
           + s.getGroup());
   if (expected != null) {
     assertEquals(expected, s.getPermission());
     assertEquals(expected.toShort(), s.getPermission().toShort());
   }
   return s.getPermission();
 }
コード例 #4
0
  public void testCreate() throws Exception {
    Configuration conf = new HdfsConfiguration();
    conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true);
    conf.set(FsPermission.UMASK_LABEL, "000");
    MiniDFSCluster cluster = null;
    FileSystem fs = null;

    try {
      cluster = new MiniDFSCluster.Builder(conf).numDataNodes(3).build();
      cluster.waitActive();
      fs = FileSystem.get(conf);
      FsPermission rootPerm = checkPermission(fs, "/", null);
      FsPermission inheritPerm = FsPermission.createImmutable((short) (rootPerm.toShort() | 0300));

      FsPermission dirPerm = new FsPermission((short) 0777);
      fs.mkdirs(new Path("/a1/a2/a3"), dirPerm);
      checkPermission(fs, "/a1", dirPerm);
      checkPermission(fs, "/a1/a2", dirPerm);
      checkPermission(fs, "/a1/a2/a3", dirPerm);

      dirPerm = new FsPermission((short) 0123);
      FsPermission permission = FsPermission.createImmutable((short) (dirPerm.toShort() | 0300));
      fs.mkdirs(new Path("/aa/1/aa/2/aa/3"), dirPerm);
      checkPermission(fs, "/aa/1", permission);
      checkPermission(fs, "/aa/1/aa/2", permission);
      checkPermission(fs, "/aa/1/aa/2/aa/3", dirPerm);

      FsPermission filePerm = new FsPermission((short) 0444);
      FSDataOutputStream out =
          fs.create(
              new Path("/b1/b2/b3.txt"),
              filePerm,
              true,
              conf.getInt(CommonConfigurationKeys.IO_FILE_BUFFER_SIZE_KEY, 4096),
              fs.getDefaultReplication(),
              fs.getDefaultBlockSize(),
              null);
      out.write(123);
      out.close();
      checkPermission(fs, "/b1", inheritPerm);
      checkPermission(fs, "/b1/b2", inheritPerm);
      checkPermission(fs, "/b1/b2/b3.txt", filePerm);

      conf.set(FsPermission.UMASK_LABEL, "022");
      permission = FsPermission.createImmutable((short) 0666);
      FileSystem.mkdirs(fs, new Path("/c1"), new FsPermission(permission));
      FileSystem.create(fs, new Path("/c1/c2.txt"), new FsPermission(permission));
      checkPermission(fs, "/c1", permission);
      checkPermission(fs, "/c1/c2.txt", permission);
    } finally {
      try {
        if (fs != null) fs.close();
      } catch (Exception e) {
        LOG.error(StringUtils.stringifyException(e));
      }
      try {
        if (cluster != null) cluster.shutdown();
      } catch (Exception e) {
        LOG.error(StringUtils.stringifyException(e));
      }
    }
  }
コード例 #5
0
  public void testFilePermision() throws Exception {
    final Configuration conf = new HdfsConfiguration();
    conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true);
    MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(3).build();
    cluster.waitActive();

    try {
      FileSystem nnfs = FileSystem.get(conf);
      // test permissions on files that do not exist
      assertFalse(nnfs.exists(CHILD_FILE1));
      try {
        nnfs.setOwner(CHILD_FILE1, "foo", "bar");
        assertTrue(false);
      } catch (java.io.FileNotFoundException e) {
        LOG.info("GOOD: got " + e);
      }
      try {
        nnfs.setPermission(CHILD_FILE1, new FsPermission((short) 0777));
        assertTrue(false);
      } catch (java.io.FileNotFoundException e) {
        LOG.info("GOOD: got " + e);
      }
      // following dir/file creations are legal
      nnfs.mkdirs(CHILD_DIR1);
      FSDataOutputStream out = nnfs.create(CHILD_FILE1);
      byte data[] = new byte[FILE_LEN];
      RAN.nextBytes(data);
      out.write(data);
      out.close();
      nnfs.setPermission(CHILD_FILE1, new FsPermission("700"));

      // following read is legal
      byte dataIn[] = new byte[FILE_LEN];
      FSDataInputStream fin = nnfs.open(CHILD_FILE1);
      int bytesRead = fin.read(dataIn);
      assertTrue(bytesRead == FILE_LEN);
      for (int i = 0; i < FILE_LEN; i++) {
        assertEquals(data[i], dataIn[i]);
      }

      ////////////////////////////////////////////////////////////////
      // test illegal file/dir creation
      UserGroupInformation userGroupInfo =
          UserGroupInformation.createUserForTesting(USER_NAME, GROUP_NAMES);

      FileSystem userfs = DFSTestUtil.getFileSystemAs(userGroupInfo, conf);

      // make sure mkdir of a existing directory that is not owned by
      // this user does not throw an exception.
      userfs.mkdirs(CHILD_DIR1);

      // illegal mkdir
      assertTrue(!canMkdirs(userfs, CHILD_DIR2));

      // illegal file creation
      assertTrue(!canCreate(userfs, CHILD_FILE2));

      // illegal file open
      assertTrue(!canOpen(userfs, CHILD_FILE1));

      nnfs.setPermission(ROOT_PATH, new FsPermission((short) 0755));
      nnfs.setPermission(CHILD_DIR1, new FsPermission("777"));
      nnfs.setPermission(new Path("/"), new FsPermission((short) 0777));
      final Path RENAME_PATH = new Path("/foo/bar");
      userfs.mkdirs(RENAME_PATH);
      assertTrue(canRename(userfs, RENAME_PATH, CHILD_DIR1));
    } finally {
      cluster.shutdown();
    }
  }