/// <exception cref="System.Exception"/> protected internal virtual void TestSetPermission() { FileSystem fs = FileSystem.Get(GetProxiedFSConf()); Path path = new Path(GetProxiedFSTestDir(), "foodir"); fs.Mkdirs(path); fs = GetHttpFSFileSystem(); FsPermission permission1 = new FsPermission(FsAction.ReadWrite, FsAction.None, FsAction .None); fs.SetPermission(path, permission1); fs.Close(); fs = FileSystem.Get(GetProxiedFSConf()); FileStatus status1 = fs.GetFileStatus(path); fs.Close(); FsPermission permission2 = status1.GetPermission(); NUnit.Framework.Assert.AreEqual(permission2, permission1); //sticky bit fs = GetHttpFSFileSystem(); permission1 = new FsPermission(FsAction.ReadWrite, FsAction.None, FsAction.None, true); fs.SetPermission(path, permission1); fs.Close(); fs = FileSystem.Get(GetProxiedFSConf()); status1 = fs.GetFileStatus(path); fs.Close(); permission2 = status1.GetPermission(); NUnit.Framework.Assert.IsTrue(permission2.GetStickyBit()); NUnit.Framework.Assert.AreEqual(permission2, permission1); }
/// <exception cref="System.IO.IOException"/> private static void UnprotectedRemoveAcl(FSDirectory fsd, INodesInPath iip) { System.Diagnostics.Debug.Assert(fsd.HasWriteLock()); INode inode = FSDirectory.ResolveLastINode(iip); int snapshotId = iip.GetLatestSnapshotId(); AclFeature f = inode.GetAclFeature(); if (f == null) { return; } FsPermission perm = inode.GetFsPermission(); IList <AclEntry> featureEntries = AclStorage.GetEntriesFromAclFeature(f); if (featureEntries[0].GetScope() == AclEntryScope.Access) { // Restore group permissions from the feature's entry to permission // bits, overwriting the mask, which is not part of a minimal ACL. AclEntry groupEntryKey = new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType (AclEntryType.Group).Build(); int groupEntryIndex = Sharpen.Collections.BinarySearch(featureEntries, groupEntryKey , AclTransformation.AclEntryComparator); System.Diagnostics.Debug.Assert(groupEntryIndex >= 0); FsAction groupPerm = featureEntries[groupEntryIndex].GetPermission(); FsPermission newPerm = new FsPermission(perm.GetUserAction(), groupPerm, perm.GetOtherAction (), perm.GetStickyBit()); inode.SetPermission(newPerm, snapshotId); } inode.RemoveAclFeature(snapshotId); }
/// <summary> /// Creates the new FsPermission for an inode that is receiving an extended /// ACL, based on its access ACL entries. /// </summary> /// <remarks> /// Creates the new FsPermission for an inode that is receiving an extended /// ACL, based on its access ACL entries. For a correctly sorted ACL, the /// first entry is the owner and the last 2 entries are the mask and other /// entries respectively. Also preserve sticky bit and toggle ACL bit on. /// Note that this method intentionally copies the permissions of the mask /// entry into the FsPermission group permissions. This is consistent with the /// POSIX ACLs model, which presents the mask as the permissions of the group /// class. /// </remarks> /// <param name="accessEntries">List<AclEntry> access ACL entries</param> /// <param name="existingPerm">FsPermission existing permissions</param> /// <returns>FsPermission new permissions</returns> private static FsPermission CreateFsPermissionForExtendedAcl(IList <AclEntry> accessEntries , FsPermission existingPerm) { return(new FsPermission(accessEntries[0].GetPermission(), accessEntries[accessEntries .Count - 2].GetPermission(), accessEntries[accessEntries.Count - 1].GetPermission (), existingPerm.GetStickyBit())); }
/// <summary>Return the JSON formatted ACL status of the specified file.</summary> /// <param name="path">a path specifies a file</param> /// <returns>JSON formatted AclStatus</returns> /// <exception cref="System.IO.IOException">if failed to serialize fileStatus to JSON. /// </exception> internal virtual string GetAclStatus(string path) { PermissionStatus p = GetPermissionStatus(path); IList <AclEntry> aclEntryList = GetAclEntryList(path); FsPermission permission = p.GetPermission(); AclStatus.Builder builder = new AclStatus.Builder(); builder.Owner(p.GetUserName()).Group(p.GetGroupName()).AddEntries(aclEntryList).SetPermission (permission).StickyBit(permission.GetStickyBit()); AclStatus aclStatus = builder.Build(); return(JsonUtil.ToJsonString(aclStatus)); }
/// <exception cref="System.IO.IOException"/> protected internal override void ProcessPath(PathData item) { @out.WriteLine("# file: " + item); @out.WriteLine("# owner: " + item.stat.GetOwner()); @out.WriteLine("# group: " + item.stat.GetGroup()); FsPermission perm = item.stat.GetPermission(); if (perm.GetStickyBit()) { @out.WriteLine("# flags: --" + (perm.GetOtherAction().Implies(FsAction.Execute) ? "t" : "T")); } AclStatus aclStatus = item.fs.GetAclStatus(item.path); IList <AclEntry> entries = perm.GetAclBit() ? aclStatus.GetEntries() : Collections .EmptyList <AclEntry>(); ScopedAclEntries scopedEntries = new ScopedAclEntries(AclUtil.GetAclFromPermAndEntries (perm, entries)); PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetAccessEntries()); PrintAclEntriesForSingleScope(aclStatus, perm, scopedEntries.GetDefaultEntries()); @out.WriteLine(); }
/// <exception cref="System.IO.IOException"/> internal static AclStatus GetAclStatus(FSDirectory fsd, string src) { CheckAclsConfigFlag(fsd); FSPermissionChecker pc = fsd.GetPermissionChecker(); byte[][] pathComponents = FSDirectory.GetPathComponentsForReservedPath(src); src = fsd.ResolvePath(pc, src, pathComponents); string srcs = FSDirectory.NormalizePath(src); fsd.ReadLock(); try { // There is no real inode for the path ending in ".snapshot", so return a // non-null, unpopulated AclStatus. This is similar to getFileInfo. if (srcs.EndsWith(HdfsConstants.SeparatorDotSnapshotDir) && fsd.GetINode4DotSnapshot (srcs) != null) { return(new AclStatus.Builder().Owner(string.Empty).Group(string.Empty).Build()); } INodesInPath iip = fsd.GetINodesInPath(srcs, true); if (fsd.IsPermissionEnabled()) { fsd.CheckTraverse(pc, iip); } INode inode = FSDirectory.ResolveLastINode(iip); int snapshotId = iip.GetPathSnapshotId(); IList <AclEntry> acl = AclStorage.ReadINodeAcl(fsd.GetAttributes(src, inode.GetLocalNameBytes (), inode, snapshotId)); FsPermission fsPermission = inode.GetFsPermission(snapshotId); return(new AclStatus.Builder().Owner(inode.GetUserName()).Group(inode.GetGroupName ()).StickyBit(fsPermission.GetStickyBit()).SetPermission(fsPermission).AddEntries (acl).Build()); } finally { fsd.ReadUnlock(); } }
/// <summary> /// Creates the new FsPermission for an inode that is receiving a minimal ACL, /// based on its access ACL entries. /// </summary> /// <remarks> /// Creates the new FsPermission for an inode that is receiving a minimal ACL, /// based on its access ACL entries. For a correctly sorted ACL, the owner, /// group and other permissions are in order. Also preserve sticky bit and /// toggle ACL bit off. /// </remarks> /// <param name="accessEntries">List<AclEntry> access ACL entries</param> /// <param name="existingPerm">FsPermission existing permissions</param> /// <returns>FsPermission new permissions</returns> private static FsPermission CreateFsPermissionForMinimalAcl(IList <AclEntry> accessEntries , FsPermission existingPerm) { return(new FsPermission(accessEntries[0].GetPermission(), accessEntries[1].GetPermission (), accessEntries[2].GetPermission(), existingPerm.GetStickyBit())); }