@Override public String toString() { String str = useraction.SYMBOL + groupaction.SYMBOL + otheraction.SYMBOL; if(stickyBit) { StringBuilder str2 = new StringBuilder(str); str2.replace(str2.length() - 1, str2.length(), otheraction.implies(FsAction.EXECUTE) ? "t" : "T"); str = str2.toString(); } return str; }
private String getPerms(final FsAction action) { final StringBuilder sb = new StringBuilder(); if (action.implies(FsAction.READ)) { sb.append("r"); } else { sb.append("-"); } if (action.implies(FsAction.WRITE)) { sb.append("w"); } else { sb.append("-"); } if (action.implies(FsAction.EXECUTE)) { sb.append("x"); } else { sb.append("-"); } return sb.toString(); }
protected String getPerms(final FsPermission permission) { final StringBuilder sb = new StringBuilder(); for (FsAction action : new FsAction[]{permission.getUserAction(), permission.getGroupAction(), permission.getOtherAction()}) { if (action.implies(FsAction.READ)) { sb.append("r"); } else { sb.append("-"); } if (action.implies(FsAction.WRITE)) { sb.append("w"); } else { sb.append("-"); } if (action.implies(FsAction.EXECUTE)) { sb.append("x"); } else { sb.append("-"); } } return sb.toString(); }
rv = f.setReadable(group.implies(FsAction.READ), false); checkReturnValue(rv, f, permission); if (group.implies(FsAction.READ) != user.implies(FsAction.READ)) { rv = f.setReadable(user.implies(FsAction.READ), true); checkReturnValue(rv, f, permission); rv = f.setWritable(group.implies(FsAction.WRITE), false); checkReturnValue(rv, f, permission); if (group.implies(FsAction.WRITE) != user.implies(FsAction.WRITE)) { rv = f.setWritable(user.implies(FsAction.WRITE), true); checkReturnValue(rv, f, permission); rv = f.setExecutable(group.implies(FsAction.EXECUTE), false); checkReturnValue(rv, f, permission); if (group.implies(FsAction.EXECUTE) != user.implies(FsAction.EXECUTE)) { rv = f.setExecutable(user.implies(FsAction.EXECUTE), true); checkReturnValue(rv, f, permission);
public static void checkFileAccess(FileSystem fs, FileStatus stat, FsAction action, String user, List<String> groups) throws IOException, AccessControlException { if (groups == null) { groups = emptyGroups; } String superGroupName = getSuperGroupName(fs.getConf()); if (userBelongsToSuperGroup(superGroupName, groups)) { LOG.info("User \"" + user + "\" belongs to super-group \"" + superGroupName + "\". " + "Permission granted for action: " + action + "."); return; } final FsPermission dirPerms = stat.getPermission(); final String grp = stat.getGroup(); if (user.equals(stat.getOwner())) { if (dirPerms.getUserAction().implies(action)) { return; } } else if (groups.contains(grp)) { if (dirPerms.getGroupAction().implies(action)) { return; } } else if (dirPerms.getOtherAction().implies(action)) { return; } throw new AccessControlException("action " + action + " not permitted on path " + stat.getPath() + " for user " + user); }
/** * Throw an exception if an action is not permitted by a user on a file. * * @param ugi * the user * @param file * the file * @param action * the action */ public static void checkAccess(UserGroupInformation ugi, FileStatus file, FsAction action) throws AccessDeniedException { if (ugi.getShortUserName().equals(file.getOwner())) { if (file.getPermission().getUserAction().implies(action)) { return; } } else if (contains(ugi.getGroupNames(), file.getGroup())) { if (file.getPermission().getGroupAction().implies(action)) { return; } } else if (file.getPermission().getOtherAction().implies(action)) { return; } throw new AccessDeniedException("Permission denied:" + " action=" + action + " path=" + file.getPath() + " user=" + ugi.getShortUserName()); }
private HiveResourceACLs getResourceACLs(final FileSystem fs, final FileStatus stat) { String owner = stat.getOwner(); String group = stat.getGroup(); HiveResourceACLsImpl acls = new HiveResourceACLsImpl(); FsPermission permission = stat.getPermission(); if (permission.getUserAction().implies(FsAction.READ)) { acls.addUserEntry(owner, HiveResourceACLs.Privilege.SELECT, HiveResourceACLs.AccessResult.ALLOWED); } if (permission.getGroupAction().implies(FsAction.READ)) { acls.addGroupEntry(group, HiveResourceACLs.Privilege.SELECT, HiveResourceACLs.AccessResult.ALLOWED); } if (permission.getOtherAction().implies(FsAction.READ)) { acls.addGroupEntry("public", HiveResourceACLs.Privilege.SELECT, HiveResourceACLs.AccessResult.ALLOWED); } return acls; }
if (!g.implies(FsAction.READ_EXECUTE)) { g = g.or(FsAction.READ_EXECUTE); changed = true; if (!o.implies(FsAction.READ_EXECUTE)) { o = o.or(FsAction.READ_EXECUTE); changed = true; if (!g.implies(FsAction.WRITE)) { g = g.or(FsAction.WRITE); changed = true; if (!o.implies(FsAction.WRITE)) { o = o.or(FsAction.WRITE); changed = true;
@Override protected void processPath(PathData item) throws IOException { out.println("# file: " + item); out.println("# owner: " + item.stat.getOwner()); out.println("# group: " + item.stat.getGroup()); FsPermission perm = item.stat.getPermission(); if (perm.getStickyBit()) { out.println("# flags: --" + (perm.getOtherAction().implies(FsAction.EXECUTE) ? "t" : "T")); } final AclStatus aclStatus; final List<AclEntry> entries; if (item.stat.hasAcl()) { aclStatus = item.fs.getAclStatus(item.path); entries = aclStatus.getEntries(); } else { aclStatus = null; entries = Collections.<AclEntry> emptyList(); } ScopedAclEntries scopedEntries = new ScopedAclEntries( AclUtil.getAclFromPermAndEntries(perm, entries)); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getAccessEntries()); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getDefaultEntries()); out.println(); }
if (!currentRootPerms.getUserAction().implies(FsAction.EXECUTE) || !currentRootPerms.getGroupAction().implies(FsAction.EXECUTE) || !currentRootPerms.getOtherAction().implies(FsAction.EXECUTE)) { LOG.warn("rootdir permissions do not contain 'excute' for user, group or other. " + "Automatically adding 'excute' permission for all");
private static void checkHdfsAccessPermissions(FileStatus stat, FsAction mode) throws Exception { FsPermission perm = stat.getPermission(); UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); String user = ugi.getShortUserName(); List<String> groups = Arrays.asList(ugi.getGroupNames()); if (user.equals(stat.getOwner())) { if (perm.getUserAction().implies(mode)) { return; } } else if (groups.contains(stat.getGroup())) { if (perm.getGroupAction().implies(mode)) { return; } } else { if (perm.getOtherAction().implies(mode)) { return; } } throw new Exception(String.format("Permission denied: user=%s, path=\"%s\":%s:%s:%s%s", user, stat.getPath(), stat.getOwner(), stat.getGroup(), stat.isDirectory() ? "d" : "-", perm)); }
/** * Whether a cache pool can be accessed by the current context * * @param pool CachePool being accessed * @param access type of action being performed on the cache pool * @throws AccessControlException if pool cannot be accessed */ public void checkPermission(CachePool pool, FsAction access) throws AccessControlException { FsPermission mode = pool.getMode(); if (isSuperUser()) { return; } if (getUser().equals(pool.getOwnerName()) && mode.getUserAction().implies(access)) { return; } if (isMemberOfGroup(pool.getGroupName()) && mode.getGroupAction().implies(access)) { return; } if (!getUser().equals(pool.getOwnerName()) && !isMemberOfGroup(pool.getGroupName()) && mode.getOtherAction().implies(access)) { return; } throw new AccessControlException("Permission denied while accessing pool " + pool.getPoolName() + ": user " + getUser() + " does not have " + access.toString() + " permissions."); }
if (mode.getUserAction().implies(access)) { return true; FsAction masked = AclEntryStatusFormat.getPermission(entry).and( mode.getGroupAction()); if (masked.implies(access)) { return true; FsAction masked = AclEntryStatusFormat.getPermission(entry).and( mode.getGroupAction()); if (masked.implies(access)) { return true; return !foundMatch && mode.getOtherAction().implies(access);
private boolean hasPermission(INodeAttributes inode, FsAction access) { if (inode == null) { return true; } final FsPermission mode = inode.getFsPermission(); final AclFeature aclFeature = inode.getAclFeature(); if (aclFeature != null && aclFeature.getEntriesSize() > 0) { // It's possible that the inode has a default ACL but no access ACL. int firstEntry = aclFeature.getEntryAt(0); if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) { return hasAclPermission(inode, access, mode, aclFeature); } } final FsAction checkAction; if (getUser().equals(inode.getUserName())) { //user class checkAction = mode.getUserAction(); } else if (isMemberOfGroup(inode.getGroupName())) { //group class checkAction = mode.getGroupAction(); } else { //other class checkAction = mode.getOtherAction(); } return checkAction.implies(access); }
if (parentAccess != null && parentAccess.implies(FsAction.WRITE) && inodeAttrs.length > 1 && last != null) { checkStickyBit(inodeAttrs, components, inodeAttrs.length - 2);
public boolean canRead(String path) throws IOException { return DFS.getFileStatus(new Path(path)).getPermission().getUserAction().implies(FsAction.READ); } };
private void verifyCanWrite(ArgumentParser parser, Path file) throws ArgumentParserException, IOException { verifyExists(parser, file); if (!fs.getFileStatus(file).getPermission().getUserAction().implies(FsAction.WRITE)) { throw new ArgumentParserException("Insufficient permissions to write file: " + file, parser); } }
private void verifyCanRead(ArgumentParser parser, Path file) throws ArgumentParserException, IOException { verifyExists(parser, file); if (!fs.getFileStatus(file).getPermission().getUserAction().implies(FsAction.READ)) { throw new ArgumentParserException("Insufficient permissions to read file: " + file, parser); } }