/// <exception cref="System.Exception"/>
protected internal virtual void TestSetPermission()
{
FileSystem fs = FileSystem.Get(GetProxiedFSConf());
Path path = new Path(GetProxiedFSTestDir(), "foodir");
fs.Mkdirs(path);
fs = GetHttpFSFileSystem();
FsPermission permission1 = new FsPermission(FsAction.ReadWrite, FsAction.None, FsAction
.None);
fs.SetPermission(path, permission1);
fs.Close();
fs = FileSystem.Get(GetProxiedFSConf());
FileStatus status1 = fs.GetFileStatus(path);
fs.Close();
FsPermission permission2 = status1.GetPermission();
NUnit.Framework.Assert.AreEqual(permission2, permission1);
//sticky bit
fs = GetHttpFSFileSystem();
permission1 = new FsPermission(FsAction.ReadWrite, FsAction.None, FsAction.None,
true);
fs.SetPermission(path, permission1);
fs.Close();
fs = FileSystem.Get(GetProxiedFSConf());
status1 = fs.GetFileStatus(path);
fs.Close();
permission2 = status1.GetPermission();
NUnit.Framework.Assert.IsTrue(permission2.GetStickyBit());
NUnit.Framework.Assert.AreEqual(permission2, permission1);
}
/// <exception cref="System.IO.IOException"/>
private static void UnprotectedRemoveAcl(FSDirectory fsd, INodesInPath iip)
{
System.Diagnostics.Debug.Assert(fsd.HasWriteLock());
INode inode = FSDirectory.ResolveLastINode(iip);
int snapshotId = iip.GetLatestSnapshotId();
AclFeature f = inode.GetAclFeature();
if (f == null)
{
return;
}
FsPermission perm = inode.GetFsPermission();
IList <AclEntry> featureEntries = AclStorage.GetEntriesFromAclFeature(f);
if (featureEntries[0].GetScope() == AclEntryScope.Access)
{
// Restore group permissions from the feature's entry to permission
// bits, overwriting the mask, which is not part of a minimal ACL.
AclEntry groupEntryKey = new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType
(AclEntryType.Group).Build();
int groupEntryIndex = Sharpen.Collections.BinarySearch(featureEntries, groupEntryKey
, AclTransformation.AclEntryComparator);
System.Diagnostics.Debug.Assert(groupEntryIndex >= 0);
FsAction groupPerm = featureEntries[groupEntryIndex].GetPermission();
FsPermission newPerm = new FsPermission(perm.GetUserAction(), groupPerm, perm.GetOtherAction
(), perm.GetStickyBit());
inode.SetPermission(newPerm, snapshotId);
}
inode.RemoveAclFeature(snapshotId);
}
/// <summary>
/// Creates the new FsPermission for an inode that is receiving an extended
/// ACL, based on its access ACL entries.
/// </summary>
/// <remarks>
/// Creates the new FsPermission for an inode that is receiving an extended
/// ACL, based on its access ACL entries. For a correctly sorted ACL, the
/// first entry is the owner and the last 2 entries are the mask and other
/// entries respectively. Also preserve sticky bit and toggle ACL bit on.
/// Note that this method intentionally copies the permissions of the mask
/// entry into the FsPermission group permissions. This is consistent with the
/// POSIX ACLs model, which presents the mask as the permissions of the group
/// class.
/// </remarks>
/// <param name="accessEntries">List<AclEntry> access ACL entries</param>
/// <param name="existingPerm">FsPermission existing permissions</param>
/// <returns>FsPermission new permissions</returns>
private static FsPermission CreateFsPermissionForExtendedAcl(IList <AclEntry> accessEntries
, FsPermission existingPerm)
{
return(new FsPermission(accessEntries[0].GetPermission(), accessEntries[accessEntries
.Count - 2].GetPermission(), accessEntries[accessEntries.Count - 1].GetPermission
(), existingPerm.GetStickyBit()));
}
/// <summary>Return the JSON formatted ACL status of the specified file.</summary>
/// <param name="path">a path specifies a file</param>
/// <returns>JSON formatted AclStatus</returns>
/// <exception cref="System.IO.IOException">if failed to serialize fileStatus to JSON.
/// </exception>
internal virtual string GetAclStatus(string path)
{
PermissionStatus p = GetPermissionStatus(path);
IList <AclEntry> aclEntryList = GetAclEntryList(path);
FsPermission permission = p.GetPermission();
AclStatus.Builder builder = new AclStatus.Builder();
builder.Owner(p.GetUserName()).Group(p.GetGroupName()).AddEntries(aclEntryList).SetPermission
(permission).StickyBit(permission.GetStickyBit());
AclStatus aclStatus = builder.Build();
return(JsonUtil.ToJsonString(aclStatus));
}
/// <exception cref="System.IO.IOException"/>
protected internal override void ProcessPath(PathData item)
{
@out.WriteLine("# file: " + item);
@out.WriteLine("# owner: " + item.stat.GetOwner());
@out.WriteLine("# group: " + item.stat.GetGroup());
FsPermission perm = item.stat.GetPermission();
if (perm.GetStickyBit())
{
@out.WriteLine("# flags: --" + (perm.GetOtherAction().Implies(FsAction.Execute) ?
"t" : "T"));
}
AclStatus aclStatus = item.fs.GetAclStatus(item.path);
IList <AclEntry> entries = perm.GetAclBit() ? aclStatus.GetEntries() : Collections
.EmptyList <AclEntry>();
ScopedAclEntries scopedEntries = new ScopedAclEntries(AclUtil.GetAclFromPermAndEntries
(perm, entries));
PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetAccessEntries());
PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetDefaultEntries());
@out.WriteLine();
}
/// <exception cref="System.IO.IOException"/>
internal static AclStatus GetAclStatus(FSDirectory fsd, string src)
{
CheckAclsConfigFlag(fsd);
FSPermissionChecker pc = fsd.GetPermissionChecker();
byte[][] pathComponents = FSDirectory.GetPathComponentsForReservedPath(src);
src = fsd.ResolvePath(pc, src, pathComponents);
string srcs = FSDirectory.NormalizePath(src);
fsd.ReadLock();
try
{
// There is no real inode for the path ending in ".snapshot", so return a
// non-null, unpopulated AclStatus. This is similar to getFileInfo.
if (srcs.EndsWith(HdfsConstants.SeparatorDotSnapshotDir) && fsd.GetINode4DotSnapshot
(srcs) != null)
{
return(new AclStatus.Builder().Owner(string.Empty).Group(string.Empty).Build());
}
INodesInPath iip = fsd.GetINodesInPath(srcs, true);
if (fsd.IsPermissionEnabled())
{
fsd.CheckTraverse(pc, iip);
}
INode inode = FSDirectory.ResolveLastINode(iip);
int snapshotId = iip.GetPathSnapshotId();
IList <AclEntry> acl = AclStorage.ReadINodeAcl(fsd.GetAttributes(src, inode.GetLocalNameBytes
(), inode, snapshotId));
FsPermission fsPermission = inode.GetFsPermission(snapshotId);
return(new AclStatus.Builder().Owner(inode.GetUserName()).Group(inode.GetGroupName
()).StickyBit(fsPermission.GetStickyBit()).SetPermission(fsPermission).AddEntries
(acl).Build());
}
finally
{
fsd.ReadUnlock();
}
}
/// <summary>
/// Creates the new FsPermission for an inode that is receiving a minimal ACL,
/// based on its access ACL entries.
/// </summary>
/// <remarks>
/// Creates the new FsPermission for an inode that is receiving a minimal ACL,
/// based on its access ACL entries. For a correctly sorted ACL, the owner,
/// group and other permissions are in order. Also preserve sticky bit and
/// toggle ACL bit off.
/// </remarks>
/// <param name="accessEntries">List<AclEntry> access ACL entries</param>
/// <param name="existingPerm">FsPermission existing permissions</param>
/// <returns>FsPermission new permissions</returns>
private static FsPermission CreateFsPermissionForMinimalAcl(IList <AclEntry> accessEntries
, FsPermission existingPerm)
{
return(new FsPermission(accessEntries[0].GetPermission(), accessEntries[1].GetPermission
(), accessEntries[2].GetPermission(), existingPerm.GetStickyBit()));
}
