HDFS-6741. Improve permission denied message when FSPermissionChecker#checkOwner fails. Contributed by Stephen Chu and Harsh J. (harsh)
This commit is contained in:
parent
e7859015bc
commit
0398db19b2
@ -316,6 +316,9 @@ Release 2.7.0 - UNRELEASED
|
|||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
||||||
|
HDFS-6741. Improve permission denied message when
|
||||||
|
FSPermissionChecker#checkOwner fails (Stephen Chu and harsh).
|
||||||
|
|
||||||
HDFS-6538. Comment format error in ShortCircuitRegistry javadoc.
|
HDFS-6538. Comment format error in ShortCircuitRegistry javadoc.
|
||||||
(David Luo via harsh).
|
(David Luo via harsh).
|
||||||
|
|
||||||
|
@ -198,7 +198,9 @@ private void checkOwner(INode inode, int snapshotId
|
|||||||
if (inode != null && user.equals(inode.getUserName(snapshotId))) {
|
if (inode != null && user.equals(inode.getUserName(snapshotId))) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
throw new AccessControlException("Permission denied");
|
throw new AccessControlException(
|
||||||
|
"Permission denied. user="
|
||||||
|
+ user + " is not the owner of inode=" + inode);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Guarded by {@link FSNamesystem#readLock()} */
|
/** Guarded by {@link FSNamesystem#readLock()} */
|
||||||
|
@ -443,7 +443,11 @@ public FileSystem run() throws Exception {
|
|||||||
fs.access(p1, FsAction.WRITE);
|
fs.access(p1, FsAction.WRITE);
|
||||||
fail("The access call should have failed.");
|
fail("The access call should have failed.");
|
||||||
} catch (AccessControlException e) {
|
} catch (AccessControlException e) {
|
||||||
// expected
|
assertTrue("Permission denied messages must carry the username",
|
||||||
|
e.getMessage().contains(USER1_NAME));
|
||||||
|
assertTrue("Permission denied messages must carry the path parent",
|
||||||
|
e.getMessage().contains(
|
||||||
|
p1.getParent().toUri().getPath()));
|
||||||
}
|
}
|
||||||
|
|
||||||
Path badPath = new Path("/bad/bad");
|
Path badPath = new Path("/bad/bad");
|
||||||
@ -473,7 +477,11 @@ public FileSystem run() throws Exception {
|
|||||||
fs.access(p2, FsAction.EXECUTE);
|
fs.access(p2, FsAction.EXECUTE);
|
||||||
fail("The access call should have failed.");
|
fail("The access call should have failed.");
|
||||||
} catch (AccessControlException e) {
|
} catch (AccessControlException e) {
|
||||||
// expected
|
assertTrue("Permission denied messages must carry the username",
|
||||||
|
e.getMessage().contains(USER1_NAME));
|
||||||
|
assertTrue("Permission denied messages must carry the path parent",
|
||||||
|
e.getMessage().contains(
|
||||||
|
p2.getParent().toUri().getPath()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -494,7 +502,11 @@ public FileSystem run() throws Exception {
|
|||||||
fs.access(p3, FsAction.READ_WRITE);
|
fs.access(p3, FsAction.READ_WRITE);
|
||||||
fail("The access call should have failed.");
|
fail("The access call should have failed.");
|
||||||
} catch (AccessControlException e) {
|
} catch (AccessControlException e) {
|
||||||
// expected
|
assertTrue("Permission denied messages must carry the username",
|
||||||
|
e.getMessage().contains(USER1_NAME));
|
||||||
|
assertTrue("Permission denied messages must carry the path parent",
|
||||||
|
e.getMessage().contains(
|
||||||
|
p3.getParent().toUri().getPath()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -33,6 +33,7 @@
|
|||||||
import static org.apache.hadoop.fs.permission.FsAction.WRITE_EXECUTE;
|
import static org.apache.hadoop.fs.permission.FsAction.WRITE_EXECUTE;
|
||||||
import static org.apache.hadoop.hdfs.server.namenode.AclTestHelpers.aclEntry;
|
import static org.apache.hadoop.hdfs.server.namenode.AclTestHelpers.aclEntry;
|
||||||
import static org.junit.Assert.fail;
|
import static org.junit.Assert.fail;
|
||||||
|
import static org.junit.Assert.assertTrue;
|
||||||
import static org.mockito.Matchers.any;
|
import static org.mockito.Matchers.any;
|
||||||
import static org.mockito.Mockito.doAnswer;
|
import static org.mockito.Mockito.doAnswer;
|
||||||
import static org.mockito.Mockito.mock;
|
import static org.mockito.Mockito.mock;
|
||||||
@ -41,6 +42,7 @@
|
|||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.fs.permission.AclEntry;
|
import org.apache.hadoop.fs.permission.AclEntry;
|
||||||
import org.apache.hadoop.fs.permission.FsAction;
|
import org.apache.hadoop.fs.permission.FsAction;
|
||||||
import org.apache.hadoop.fs.permission.FsPermission;
|
import org.apache.hadoop.fs.permission.FsPermission;
|
||||||
@ -412,7 +414,11 @@ private void assertPermissionDenied(UserGroupInformation user, String path,
|
|||||||
fail("expected AccessControlException for user + " + user + ", path = " +
|
fail("expected AccessControlException for user + " + user + ", path = " +
|
||||||
path + ", access = " + access);
|
path + ", access = " + access);
|
||||||
} catch (AccessControlException e) {
|
} catch (AccessControlException e) {
|
||||||
// expected
|
assertTrue("Permission denied messages must carry the username",
|
||||||
|
e.getMessage().contains(user.getUserName().toString()));
|
||||||
|
assertTrue("Permission denied messages must carry the path parent",
|
||||||
|
e.getMessage().contains(
|
||||||
|
new Path(path).getParent().toUri().getPath()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user