/** * Creates a new group in HDFS with the name <code>projectName</code> if it does not exist, then * creates the owner in HDFS with the name <code>projectName</code>__<code>username</code> , also * if it does not exist, and gets added to the group <code>projectName</code>. * * <p> * * @param project * @throws java.io.IOException */ public void addProjectFolderOwner(Project project) throws IOException { String owner = getHdfsUserName(project, project.getOwner()); String projectPath = File.separator + settings.DIR_ROOT + File.separator + project.getName(); Path location = new Path(projectPath); // FsPermission(FsAction u, FsAction g, FsAction o) 775 // Gives owner and group all access and read, execute for others // This means group is for data_owners and others for data_scientist // This means every body can see the content of a project. FsPermission fsPermission = new FsPermission(FsAction.ALL, FsAction.ALL, FsAction.READ_EXECUTE); // 775 fsOps.setOwner(location, owner, project.getName()); fsOps.setPermission(location, fsPermission); }
/** * Create a new group in HDFS with the name project.name__datasetName if it does not exist, then * adds all members of the project to this group. This is done when a new dataset is created in a * project. If stickyBit is set true: all members of the project will be given r, w, x privileges. * If stickyBit is set false: user will get all privileges, and all other members will have r and * x privileges. * * <p> * * @param owner * @param project * @param dataset * @param stickyBit * @throws java.io.IOException */ public void addDatasetUsersGroups( Users owner, Project project, Dataset dataset, boolean stickyBit) throws IOException { if (owner == null || project == null || project.getProjectTeamCollection() == null || dataset == null) { throw new IllegalArgumentException("One or more arguments are null."); } String datasetGroup = getHdfsGroupName(project, dataset); String dsOwner = getHdfsUserName(project, owner); String dsPath = File.separator + settings.DIR_ROOT + File.separator + project.getName() + File.separator + dataset.getInode().getInodePK().getName(); Path location = new Path(dsPath); // FsPermission(FsAction u, FsAction g, FsAction o, boolean sb) FsPermission fsPermission = new FsPermission( FsAction.ALL, FsAction.READ_EXECUTE, FsAction.NONE); // Permission hdfs dfs -chmod 750 if (stickyBit) { fsPermission = new FsPermission( FsAction.ALL, FsAction.ALL, FsAction.NONE, stickyBit); // Permission hdfs dfs -chmod 1770 } fsOps.setOwner(location, dsOwner, datasetGroup); fsOps.setPermission(location, fsPermission); String hdfsUsername; HdfsUsers hdfsUser; byte[] userId; byte[] groupId = UsersGroups.getGroupID(datasetGroup); HdfsGroups hdfsGroup = hdfsGroupsFacade.findHdfsGroup(groupId); if (hdfsGroup == null) { throw new IllegalArgumentException("Could not create dataset group in HDFS."); } if (hdfsGroup.getHdfsUsersCollection() == null) { hdfsGroup.setHdfsUsersCollection(new ArrayList<HdfsUsers>()); } // add every member to the new ds group for (ProjectTeam member : project.getProjectTeamCollection()) { hdfsUsername = getHdfsUserName(project, member.getUser()); userId = UsersGroups.getUserID(hdfsUsername); hdfsUser = hdfsUsersFacade.findHdfsUser(userId); // the owner does not need to be added to the group. if (hdfsUsername.equals(dsOwner)) { continue; } if (hdfsUser == null) { hdfsUser = new HdfsUsers(userId, hdfsUsername); hdfsUsersFacade.persist(hdfsUser); } if (!hdfsGroup.getHdfsUsersCollection().contains(hdfsUser)) { hdfsGroup.getHdfsUsersCollection().add(hdfsUser); } } hdfsGroupsFacade.merge(hdfsGroup); }