From b24098bc8ffe976d662acabc168e20eac8cc8460 Mon Sep 17 00:00:00 2001 From: Yiqun Lin Date: Wed, 30 May 2018 16:52:21 +0800 Subject: [PATCH] HDFS-13626. Fix incorrect username when deny the setOwner operation. Contributed by Zsolt Venczel. --- .../hadoop/hdfs/server/namenode/FSDirAttrOp.java | 4 ++-- .../org/apache/hadoop/security/TestPermission.java | 13 ++++++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java index 406fe809bc..1dbee96985 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java @@ -82,12 +82,12 @@ static FileStatus setOwner( fsd.checkOwner(pc, iip); if (!pc.isSuperUser()) { if (username != null && !pc.getUser().equals(username)) { - throw new AccessControlException("User " + username + throw new AccessControlException("User " + pc.getUser() + " is not a super user (non-super user cannot change owner)."); } if (group != null && !pc.isMemberOfGroup(group)) { throw new AccessControlException( - "User " + username + " does not belong to " + group); + "User " + pc.getUser() + " does not belong to " + group); } } unprotectedSetOwner(fsd, iip, username, group); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestPermission.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestPermission.java index 813ac5a95f..388e7f23a6 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestPermission.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestPermission.java @@ -337,7 +337,8 @@ private void testNonSuperCannotChangeToOtherGroup() throws Exception { fail("Expect ACE when a non-super user tries to change a file to a " + "group where the user does not belong."); } catch (AccessControlException e) { - assertThat(e.getMessage(), startsWith("User null does not belong to")); + assertThat(e.getMessage(), startsWith("User " + + userfs.getFileStatus(file).getOwner() + " does not belong to")); } } @@ -371,8 +372,9 @@ private void testNonSuperCannotChangeOwner() throws Exception { userfs.setOwner(file, NOUSER, null); fail("Expect ACE when a non-super user tries to change owner"); } catch (AccessControlException e) { - assertThat(e.getMessage(), startsWith("User " + NOUSER - + " is not a super user (non-super user cannot change owner)")); + assertThat(e.getMessage(), startsWith("User " + + userfs.getFileStatus(file).getOwner() + + " is not a super user (non-super user cannot change owner)")); } } @@ -397,8 +399,9 @@ private void testNonSuperCannotChangeOwnerForNonExistentFile() fail("Expect ACE or FNFE when a non-super user tries to change owner " + "for a non-existent file"); } catch (AccessControlException e) { - assertThat(e.getMessage(), startsWith("User " + NOUSER - + " is not a super user (non-super user cannot change owner)")); + assertThat(e.getMessage(), startsWith("User " + + userfs.getFileStatus(file).getOwner() + + " is not a super user (non-super user cannot change owner)")); } catch (FileNotFoundException e) { } }