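/**
 * Ensure that even if a file is in a directory with the sticky bit on,
 * another user can write to that file (assuming correct permissions).
 *
 * <p>The sticky bit on the parent directory governs who may delete or rename
 * entries inside it. Appending is decided by the file's own mode, which this
 * test deliberately opens up to 0777 before the second user writes.
 *
 * @param conf configuration used to obtain the per-user FileSystem handles
 * @param hdfs handle used to create the sticky directory and set its mode
 * @param baseDir directory under which the "tmp" test directory is created
 * @throws IOException if a file system call fails, including the append
 * @throws InterruptedException propagated from the calls below (presumably
 *         the per-user FileSystem lookup)
 */
private void confirmCanAppend(Configuration conf, FileSystem hdfs, Path baseDir)
    throws IOException, InterruptedException {
  // World-writable directory with the sticky bit set (mode 01777).
  Path stickyDir = new Path(baseDir, "tmp");
  hdfs.mkdirs(stickyDir);
  hdfs.setPermission(stickyDir, new FsPermission((short) 01777));

  // user1 creates the file and makes it writable by everyone, so the only
  // thing that could still block user2 is the parent's sticky bit.
  FileSystem fsAsUser1 = DFSTestUtil.getFileSystemAs(user1, conf);
  Path file = new Path(stickyDir, "foo");
  writeFile(fsAsUser1, file);
  fsAsUser1.setPermission(file, new FsPermission((short) 0777));

  // user2 appends to user1's file.
  FileSystem fsAsUser2 = DFSTestUtil.getFileSystemAs(user2, conf);
  FSDataOutputStream out = fsAsUser2.append(file);
  try {
    out.write("Some more data".getBytes());
  } finally {
    // Close on the failure path too, so a failed write does not leave the
    // append stream open for whatever runs next against the same file.
    out.close();
  }
}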
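/**
 * Test that one user can't delete another user's file when the sticky bit is
 * set.
 *
 * <p>The directory is world-writable (01777), so without the sticky bit the
 * second user's write access to the parent would be enough to remove the
 * entry. The test checks both the denial itself and that the file is still
 * present afterwards.
 *
 * @param conf configuration used to obtain the per-user FileSystem handles
 * @param hdfs handle used to create the sticky directory and set its mode
 * @param baseDir directory under which the "contemporary" test directory is
 *        created
 * @throws IOException if a file system call other than the expected denial
 *         fails
 * @throws InterruptedException propagated from the calls below (presumably
 *         the per-user FileSystem lookup)
 */
private void confirmDeletingFiles(Configuration conf, FileSystem hdfs, Path baseDir)
    throws IOException, InterruptedException {
  // World-writable directory with the sticky bit set (mode 01777).
  Path stickyDir = new Path(baseDir, "contemporary");
  hdfs.mkdirs(stickyDir);
  hdfs.setPermission(stickyDir, new FsPermission((short) 01777));

  // user1 creates the file.
  FileSystem fsAsUser1 = DFSTestUtil.getFileSystemAs(user1, conf);
  Path file = new Path(stickyDir, "foo");
  writeFile(fsAsUser1, file);

  // The denial below only proves something if user1 really owns the file.
  assertEquals(user1.getShortUserName(), fsAsUser1.getFileStatus(file).getOwner());

  // user2 tries to delete user1's file.
  FileSystem fsAsUser2 = DFSTestUtil.getFileSystemAs(user2, conf);
  try {
    fsAsUser2.delete(file, false);
    fail("Shouldn't be able to delete someone else's file with SB on");
  } catch (IOException ioe) {
    assertTrue(ioe instanceof AccessControlException);
    assertTrue(ioe.getMessage().contains("sticky bit"));
  }

  // An exception alone does not show the entry was left in place: confirm
  // the file is still there after the rejected delete.
  assertTrue("File must still exist after a denied delete", fsAsUser1.exists(file));
}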
// Excerpt: calls the writeFile helper for `file` through the hdfs2 handle; the enclosing method is not shown here.
writeFile(hdfs2, file);
/**
 * Check that the sticky bit on a directory does not stop a second user from
 * appending to a file inside it, as long as the file's own mode allows it.
 *
 * @param conf not used in this body
 * @param p directory in which the file "foo" is written and then appended to
 * @throws Exception if any file system call fails, including the append
 */
private void confirmCanAppend(Configuration conf, Path p) throws Exception {
  final byte[] payload = "Some more data".getBytes();

  // user1 creates the file and opens its mode up to 0777.
  final Path target = new Path(p, "foo");
  writeFile(hdfsAsUser1, target);
  hdfsAsUser1.setPermission(target, new FsPermission((short) 0777));

  // user2 appends to the same path.
  final Path appendTarget = new Path(p, "foo");
  FSDataOutputStream out = null;
  try {
    out = hdfsAsUser2.append(appendTarget);
    out.write(payload);
    // Close inside the try so that a failing close() is reported, then clear
    // the reference so the cleanup below has nothing left to do.
    out.close();
    out = null;
  } finally {
    // Only reached with a live stream when append/write/close threw.
    IOUtils.cleanup(null, out);
  }
}
// Excerpt: after writeFile(hdfs, f), the status of f is expected not to report the sticky bit; the enclosing method is not shown here.
writeFile(hdfs, f); assertFalse(hdfs.getFileStatus(f).getPermission().getStickyBit());
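/**
 * Test that one user can't delete another user's file when the sticky bit is
 * set.
 *
 * <p>Besides the exception type, the test pins the denial message: it must
 * name the sticky bit, the requesting user, the path and its parent. It then
 * confirms the file is still present.
 *
 * @param conf not used in this body
 * @param p directory in which the file "foo" is written; the caller is
 *        expected to have set the sticky bit on it
 * @throws Exception if a file system call other than the expected denial fails
 */
private void confirmDeletingFiles(Configuration conf, Path p) throws Exception {
  // user1 creates the file.
  Path file = new Path(p, "foo");
  writeFile(hdfsAsUser1, file);

  // The denial below only proves something if user1 really owns the file.
  assertEquals(user1.getShortUserName(),
      hdfsAsUser1.getFileStatus(file).getOwner());

  // user2 tries to delete user1's file.
  try {
    hdfsAsUser2.delete(file, false);
    fail("Shouldn't be able to delete someone else's file with SB on");
  } catch (IOException ioe) {
    assertTrue(ioe instanceof AccessControlException);
    String message = ioe.getMessage();
    assertTrue(message.contains("sticky bit"));
    // The message should identify who was denied and on which path.
    assertTrue(message.contains("user="+user2.getUserName()));
    assertTrue(message.contains("path=\"" + file + "\""));
    assertTrue(message.contains("parent=\"" + file.getParent() + "\""));
  }

  // An exception alone does not show the entry was left in place: confirm
  // the file is still there after the rejected delete.
  assertTrue("File must still exist after a denied delete",
      hdfsAsUser1.exists(file));
}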
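/**
 * Test that one user can't rename another user's file out of a sticky-bit
 * directory, and that the rejected rename leaves both directories unchanged.
 *
 * @param useAcl when true, applyAcl is called on both directories after their
 *        mode is set (what it adds is defined by that helper, not shown here)
 * @throws Exception if a file system call other than the expected denial fails
 */
private void testMovingFiles(boolean useAcl) throws Exception {
  // Two world-writable directories with the sticky bit set (mode 01777).
  Path tmpPath = new Path("/tmp");
  Path tmpPath2 = new Path("/tmp2");
  hdfs.mkdirs(tmpPath);
  hdfs.mkdirs(tmpPath2);
  hdfs.setPermission(tmpPath, new FsPermission((short) 01777));
  if (useAcl) {
    applyAcl(tmpPath);
  }
  hdfs.setPermission(tmpPath2, new FsPermission((short) 01777));
  if (useAcl) {
    applyAcl(tmpPath2);
  }

  // user1 creates the file in the first directory.
  Path file = new Path(tmpPath, "foo");
  writeFile(hdfsAsUser1, file);

  // user2 tries to move user1's file into the second directory.
  Path renamed = new Path(tmpPath2, "renamed");
  try {
    hdfsAsUser2.rename(file, renamed);
    fail("Shouldn't be able to rename someone else's file with SB on");
  } catch (IOException ioe) {
    assertTrue(ioe instanceof AccessControlException);
    assertTrue(ioe.getMessage().contains("sticky bit"));
  }

  // An exception alone does not show that nothing moved. Check both ends
  // through hdfs, the handle that created the two directories.
  assertTrue("Source must still exist after a denied rename", hdfs.exists(file));
  assertTrue("Destination must not exist after a denied rename",
      !hdfs.exists(renamed));
}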
/**
 * Exercise getting and setting the sticky bit through the permission API,
 * first on {@code p} and then on a file written under {@code baseDir}.
 *
 * @param hdfs file system handle used for every call
 * @param p existing path whose sticky bit is expected to start cleared
 * @param baseDir directory in which "somefile" is written
 * @throws IOException if a file system call fails
 */
private void confirmSettingAndGetting(FileSystem hdfs, Path p, Path baseDir)
    throws IOException {
  // Octal 01000 is the sticky bit in the short form of the mode.
  final short stickyMask = 01000;

  // p must start out without the sticky bit.
  assertFalse(hdfs.getFileStatus(p).getPermission().getStickyBit());

  // Keep the current mode of p and switch on only the sticky bit.
  short modeOfP =
      (short) (hdfs.getFileStatus(p).getPermission().toShort() | stickyMask);
  FsPermission stickyPermOfP = new FsPermission(modeOfP);
  assertTrue(stickyPermOfP.getStickyBit());
  hdfs.setPermission(p, stickyPermOfP);
  assertTrue(hdfs.getFileStatus(p).getPermission().getStickyBit());

  // Same round trip on a newly written file: cleared at first, set after
  // setPermission.
  Path someFile = new Path(baseDir, "somefile");
  writeFile(hdfs, someFile);
  assertFalse(hdfs.getFileStatus(someFile).getPermission().getStickyBit());

  short modeOfFile =
      (short) (hdfs.getFileStatus(someFile).getPermission().toShort() | stickyMask);
  hdfs.setPermission(someFile, new FsPermission(modeOfFile));
  assertTrue(hdfs.getFileStatus(someFile).getPermission().getStickyBit());
}