@Override public boolean hasStickyBit(FsPermission permission) { return permission.getStickyBit(); }
@Override protected void processPath(PathData item) throws IOException { out.println("# file: " + item); out.println("# owner: " + item.stat.getOwner()); out.println("# group: " + item.stat.getGroup()); FsPermission perm = item.stat.getPermission(); if (perm.getStickyBit()) { out.println("# flags: --" + (perm.getOtherAction().implies(FsAction.EXECUTE) ? "t" : "T")); } final AclStatus aclStatus; final List<AclEntry> entries; if (item.stat.hasAcl()) { aclStatus = item.fs.getAclStatus(item.path); entries = aclStatus.getEntries(); } else { aclStatus = null; entries = Collections.<AclEntry> emptyList(); } ScopedAclEntries scopedEntries = new ScopedAclEntries( AclUtil.getAclFromPermAndEntries(perm, entries)); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getAccessEntries()); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getDefaultEntries()); out.println(); }
/** * Get pin status of a file by checking the sticky bit. * @param localFS local file system * @param path path to be checked * @return true if the file is pinned with sticky bit * @throws IOException */ public boolean getPinning(LocalFileSystem localFS, Path path) throws IOException { boolean stickyBit = localFS.getFileStatus(path).getPermission().getStickyBit(); return stickyBit; }
/** * Creates the new FsPermission for an inode that is receiving an extended * ACL, based on its access ACL entries. For a correctly sorted ACL, the * first entry is the owner and the last 2 entries are the mask and other * entries respectively. Also preserve sticky bit and toggle ACL bit on. * Note that this method intentionally copies the permissions of the mask * entry into the FsPermission group permissions. This is consistent with the * POSIX ACLs model, which presents the mask as the permissions of the group * class. * * @param accessEntries List<AclEntry> access ACL entries * @param existingPerm FsPermission existing permissions * @return FsPermission new permissions */ private static FsPermission createFsPermissionForExtendedAcl( List<AclEntry> accessEntries, FsPermission existingPerm) { return new FsPermission(accessEntries.get(0).getPermission(), accessEntries.get(accessEntries.size() - 2).getPermission(), accessEntries.get(accessEntries.size() - 1).getPermission(), existingPerm.getStickyBit()); }
/** * Creates the new FsPermission for an inode that is receiving a minimal ACL, * based on its access ACL entries. For a correctly sorted ACL, the owner, * group and other permissions are in order. Also preserve sticky bit and * toggle ACL bit off. * * @param accessEntries List<AclEntry> access ACL entries * @param existingPerm FsPermission existing permissions * @return FsPermission new permissions */ private static FsPermission createFsPermissionForMinimalAcl( List<AclEntry> accessEntries, FsPermission existingPerm) { return new FsPermission(accessEntries.get(0).getPermission(), accessEntries.get(1).getPermission(), accessEntries.get(2).getPermission(), existingPerm.getStickyBit()); }
if (inodeAttr.getFsPermission().getStickyBit()) { for (INode child : cList) { INodeAttributes childInodeAttr =
/** Guarded by {@link FSNamesystem#readLock()} */ private void checkStickyBit(INodeAttributes[] inodes, byte[][] components, int index) throws AccessControlException { INodeAttributes parent = inodes[index]; if (!parent.getFsPermission().getStickyBit()) { return; } INodeAttributes inode = inodes[index + 1]; if (!isStickyBitViolated(parent, inode)) { return; } throwStickyBitException(getPath(components, 0, index + 1), inode, getPath(components, 0, index), parent); }
FsAction groupPerm = featureEntries.get(groupEntryIndex).getPermission(); FsPermission newPerm = new FsPermission(perm.getUserAction(), groupPerm, perm.getOtherAction(), perm.getStickyBit()); inode.setPermission(newPerm, snapshotId);
private static void checkXAttrChangeAccess( FSDirectory fsd, INodesInPath iip, XAttr xAttr, FSPermissionChecker pc) throws AccessControlException, FileNotFoundException { if (fsd.isPermissionEnabled() && xAttr.getNameSpace() == XAttr.NameSpace .USER) { final INode inode = iip.getLastINode(); if (inode != null && inode.isDirectory() && inode.getFsPermission().getStickyBit()) { if (!pc.isSuperUser()) { fsd.checkOwner(pc, iip); } } else { fsd.checkPathAccess(pc, iip, FsAction.WRITE); } } }
@Override public boolean hasStickyBit(FsPermission permission) { return permission.getStickyBit(); }
@Override public boolean hasStickyBit(FsPermission permission) { return permission.getStickyBit(); }
@Override public boolean hasStickyBit(FsPermission permission) { return permission.getStickyBit(); }
@Override public boolean hasStickyBit(FsPermission permission) { return permission.getStickyBit(); }
/** * Return the JSON formatted ACL status of the specified file. * @param path a path specifies a file * @return JSON formatted AclStatus * @throws IOException if failed to serialize fileStatus to JSON. */ String getAclStatus(String path) throws IOException { PermissionStatus p = getPermissionStatus(path); List<AclEntry> aclEntryList = getAclEntryList(path); FsPermission permission = p.getPermission(); AclStatus.Builder builder = new AclStatus.Builder(); builder.owner(p.getUserName()).group(p.getGroupName()) .addEntries(aclEntryList).setPermission(permission) .stickyBit(permission.getStickyBit()); AclStatus aclStatus = builder.build(); return JsonUtil.toJsonString(aclStatus); }
@Override public boolean getPinning(ExtendedBlock block) throws IOException { if (!blockPinningEnabled) { return false; } File f = getBlockFile(block); FileStatus fss = localFS.getFileStatus(new Path(f.getAbsolutePath())); return fss.getPermission().getStickyBit(); }
@Override public boolean getPinning(ExtendedBlock block) throws IOException { if (!blockPinningEnabled) { return false; } File f = getBlockFile(block); FileStatus fss = localFS.getFileStatus(new Path(f.getAbsolutePath())); return fss.getPermission().getStickyBit(); }
static AclStatus getAclStatus( FSDirectory fsd, FSPermissionChecker pc, String src) throws IOException { checkAclsConfigFlag(fsd); fsd.readLock(); try { INodesInPath iip = fsd.resolvePath(pc, src, DirOp.READ); // There is no real inode for the path ending in ".snapshot", so return a // non-null, unpopulated AclStatus. This is similar to getFileInfo. if (iip.isDotSnapshotDir() && fsd.getINode4DotSnapshot(iip) != null) { return new AclStatus.Builder().owner("").group("").build(); } INode inode = FSDirectory.resolveLastINode(iip); int snapshotId = iip.getPathSnapshotId(); List<AclEntry> acl = AclStorage.readINodeAcl(fsd.getAttributes(iip)); FsPermission fsPermission = inode.getFsPermission(snapshotId); return new AclStatus.Builder() .owner(inode.getUserName()).group(inode.getGroupName()) .stickyBit(fsPermission.getStickyBit()) .setPermission(fsPermission) .addEntries(acl).build(); } catch (AclException e){ throw new AclException(e.getMessage() + " Path: " + src, e); } finally { fsd.readUnlock(); } }
/** * Test that if a directory is created in a directory that has the sticky bit * on, the new directory does not automatically get a sticky bit, as is * standard Unix behavior */ private void confirmStickyBitDoesntPropagate(FileSystem hdfs, Path p) throws IOException { // Create a subdirectory within it Path p2 = new Path(p, "bar"); hdfs.mkdirs(p2); // Ensure new directory doesn't have its sticky bit on assertFalse(hdfs.getFileStatus(p2).getPermission().getStickyBit()); }
@Override public boolean equals(Object obj) { if (obj instanceof FsPermission) { FsPermission that = (FsPermission) obj; return this.getUserAction() == that.getUserAction() && this.getGroupAction() == that.getGroupAction() && this.getOtherAction() == that.getOtherAction() && this.getStickyBit() == that.getStickyBit(); } return false; }
@Override public boolean equals(Object obj) { if (obj instanceof FsPermission) { FsPermission that = (FsPermission) obj; return this.getUserAction() == that.getUserAction() && this.getGroupAction() == that.getGroupAction() && this.getOtherAction() == that.getOtherAction() && this.getStickyBit() == that.getStickyBit(); } return false; }