/**
 * Checks whether the current user may perform {@code action} on a file.
 *
 * <p>Convenience overload: the caller's identity is taken from {@code SecurityUtils.getUGI()}
 * and the decision is delegated to the four-argument {@code checkFileAccess}.
 *
 * <p>NOTE(review): the decision is made against the {@code stat} snapshot passed in, so it can
 * be stale by the time the file is actually used. Treat a successful return as an advisory
 * pre-check; the filesystem itself must still enforce permissions on the real operation.
 *
 * @param fs filesystem the file is contained in
 * @param stat stat info for the file
 * @param action action to be performed
 * @throws IOException if thrown by Hadoop
 * @throws AccessControlException if the file cannot be accessed
 * @throws LoginException if the current user cannot be resolved (presumably raised by
 *     {@code SecurityUtils.getUGI()}; confirm against that helper)
 */
public static void checkFileAccess(FileSystem fs, FileStatus stat, FsAction action)
    throws IOException, LoginException {
  checkFileAccess(fs, stat, action, SecurityUtils.getUGI());
}
/**
 * Reports whether the current user appears to have write access to {@code path}.
 *
 * <p>Outcomes, in evaluation order:
 * <ul>
 *   <li>{@code storageAuthCheck} is off: {@code true}, no check is made.</li>
 *   <li>{@code path} is {@code null}: {@code false}.</li>
 *   <li>the path does not exist ({@link FileNotFoundException}): {@code true}.</li>
 *   <li>{@code HdfsUtils.checkFileAccess} accepts {@code FsAction.WRITE}: {@code true}.</li>
 *   <li>any other exception: {@code false}.</li>
 * </ul>
 *
 * <p>NOTE(review): a missing path is reported as writable without inspecting any parent
 * directory, so this answer is only a pre-check. Callers that go on to create the path
 * presumably rely on the filesystem to enforce permissions at creation time; confirm.
 *
 * <p>NOTE(review): every non-"not found" failure, including plain I/O errors, is folded into
 * "not writable" and is only visible at debug level, which makes denials hard to audit.
 *
 * @param path location to test; may be {@code null}
 * @return {@code true} if the path is considered writable, {@code false} otherwise
 * @throws IOException declared on the signature; failures inside the check are caught here
 */
public boolean isWritable(Path path) throws IOException {
  // Storage-based checks are switched off (non-secure Hadoop installations): allow.
  if (!storageAuthCheck) {
    return true;
  }
  // No path means there is nothing that could be written.
  if (path == null) {
    return false;
  }
  try {
    final FileSystem fileSystem = getFs(path);
    HdfsUtils.checkFileAccess(fileSystem, fileSystem.getFileStatus(path), FsAction.WRITE);
    return true;
  } catch (FileNotFoundException missing) {
    // The file named by path does not exist; there is nothing to validate.
    return true;
  } catch (Exception denied) {
    // Anything else is treated as an unauthorized access: fail closed.
    if (LOG.isDebugEnabled()) {
      LOG.debug("Exception when checking if path (" + path + ")", denied);
    }
    return false;
  }
}
/**
 * Owner class only (ALL / NONE / NONE): the user from {@code SecurityUtils.getUGI()} must pass
 * READ, WRITE and EXECUTE. Assumes {@code createFile} produces a file owned by that user.
 */
@Test
public void userReadWriteExecute() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission ownerOnly = new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE);
  Path file = createFile(fileSystem, ownerOnly);
  UserGroupInformation caller = SecurityUtils.getUGI();
  // Stat the file afresh for every action; any AccessControlException fails the test.
  for (FsAction action : new FsAction[] {FsAction.READ, FsAction.WRITE, FsAction.EXECUTE}) {
    HdfsUtils.checkFileAccess(fileSystem, fileSystem.getFileStatus(file), action, caller);
  }
}
/**
 * Other class only (NONE / NONE / ALL): a caller that, going by the helper's name, matches
 * neither the owner nor the group must pass READ, WRITE and EXECUTE.
 */
@Test
public void otherReadWriteExecute() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission otherOnly = new FsPermission(FsAction.NONE, FsAction.NONE, FsAction.ALL);
  Path file = createFile(fileSystem, otherOnly);
  UserGroupInformation stranger = ugiInvalidUserInvalidGroups();
  // Stat the file afresh for every action; any AccessControlException fails the test.
  for (FsAction action : new FsAction[] {FsAction.READ, FsAction.WRITE, FsAction.EXECUTE}) {
    HdfsUtils.checkFileAccess(fileSystem, fileSystem.getFileStatus(file), action, stranger);
  }
}
/**
 * Group class only (NONE / ALL / NONE): a caller that, going by the helper's name, is not the
 * owner but shares the file's group must pass READ, WRITE and EXECUTE.
 */
@Test
public void groupReadWriteExecute() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission groupOnly = new FsPermission(FsAction.NONE, FsAction.ALL, FsAction.NONE);
  Path file = createFile(fileSystem, groupOnly);
  UserGroupInformation groupMember = ugiInvalidUserValidGroups();
  // Stat the file afresh for every action; any AccessControlException fails the test.
  for (FsAction action : new FsAction[] {FsAction.READ, FsAction.WRITE, FsAction.EXECUTE}) {
    HdfsUtils.checkFileAccess(fileSystem, fileSystem.getFileStatus(file), action, groupMember);
  }
}
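/**
 * Superuser case: with permissions NONE / NONE / NONE, a user whose primary group is configured
 * as {@code dfs.permissions.supergroup} must still pass READ, WRITE and EXECUTE.
 *
 * <p>The supergroup override is written into the configuration object returned by
 * {@code fs.getConf()} and is undone in {@code finally}, so the widened privilege does not leak
 * into other tests that may share the same {@code FileSystem} instance.
 */
@Test
public void rootReadWriteExecute() throws IOException, LoginException {
  final String supergroupKey = "dfs.permissions.supergroup";
  UserGroupInformation ugi = SecurityUtils.getUGI();
  FileSystem fs = FileSystem.get(new Configuration());
  Configuration conf = fs.getConf();
  String old = conf.get(supergroupKey);
  try {
    conf.set(supergroupKey, ugi.getPrimaryGroupName());
    Path p = createFile(fs, new FsPermission(FsAction.NONE, FsAction.NONE, FsAction.NONE));
    for (FsAction action : new FsAction[] {FsAction.READ, FsAction.WRITE, FsAction.EXECUTE}) {
      HdfsUtils.checkFileAccess(fs, fs.getFileStatus(p), action, ugi);
    }
  } finally {
    // Configuration.set rejects a null value. If the key had no previous value, remove the
    // override instead, so the cleanup cannot throw and mask the real test outcome.
    if (old == null) {
      conf.unset(supergroupKey);
    } else {
      conf.set(supergroupKey, old);
    }
  }
}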
/**
 * Group class denied (ALL / NONE / ALL): a group member must be refused WRITE even though the
 * "other" class grants it, i.e. the matching class decides and there is no fall-through.
 *
 * <p>NOTE(review): {@code expected = AccessControlException.class} is satisfied by that
 * exception from any statement in the body, not only from the final check.
 */
@Test(expected = AccessControlException.class)
public void groupNoWrite() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission noGroupAccess = new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.ALL);
  Path file = createFile(fileSystem, noGroupAccess);
  UserGroupInformation groupMember = ugiInvalidUserValidGroups();
  HdfsUtils.checkFileAccess(
      fileSystem, fileSystem.getFileStatus(file), FsAction.WRITE, groupMember);
}
/**
 * Owner class denied (NONE / ALL / ALL): the user from {@code SecurityUtils.getUGI()} must be
 * refused READ even though group and other grant it. Assumes {@code createFile} produces a
 * file owned by that user.
 */
@Test(expected = AccessControlException.class)
public void userNoRead() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission noOwnerAccess = new FsPermission(FsAction.NONE, FsAction.ALL, FsAction.ALL);
  Path file = createFile(fileSystem, noOwnerAccess);
  UserGroupInformation owner = SecurityUtils.getUGI();
  HdfsUtils.checkFileAccess(fileSystem, fileSystem.getFileStatus(file), FsAction.READ, owner);
}
/**
 * Group class denied (ALL / NONE / ALL): a group member must be refused READ even though the
 * "other" class grants it.
 */
@Test(expected = AccessControlException.class)
public void groupNoRead() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission noGroupAccess = new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.ALL);
  Path file = createFile(fileSystem, noGroupAccess);
  UserGroupInformation groupMember = ugiInvalidUserValidGroups();
  HdfsUtils.checkFileAccess(
      fileSystem, fileSystem.getFileStatus(file), FsAction.READ, groupMember);
}
/**
 * Owner class denied (NONE / ALL / ALL): the user from {@code SecurityUtils.getUGI()} must be
 * refused EXECUTE even though group and other grant it. Assumes {@code createFile} produces a
 * file owned by that user.
 */
@Test(expected = AccessControlException.class)
public void userNoExecute() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission noOwnerAccess = new FsPermission(FsAction.NONE, FsAction.ALL, FsAction.ALL);
  Path file = createFile(fileSystem, noOwnerAccess);
  UserGroupInformation owner = SecurityUtils.getUGI();
  HdfsUtils.checkFileAccess(
      fileSystem, fileSystem.getFileStatus(file), FsAction.EXECUTE, owner);
}
/**
 * Other class denied (ALL / ALL / NONE): a caller that, going by the helper's name, matches
 * neither owner nor group must be refused WRITE.
 */
@Test(expected = AccessControlException.class)
public void otherNoWrite() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission noOtherAccess = new FsPermission(FsAction.ALL, FsAction.ALL, FsAction.NONE);
  Path file = createFile(fileSystem, noOtherAccess);
  UserGroupInformation stranger = ugiInvalidUserInvalidGroups();
  HdfsUtils.checkFileAccess(
      fileSystem, fileSystem.getFileStatus(file), FsAction.WRITE, stranger);
}
/**
 * Other class denied (ALL / ALL / NONE): a caller that, going by the helper's name, matches
 * neither owner nor group must be refused EXECUTE.
 */
@Test(expected = AccessControlException.class)
public void otherNoExecute() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission noOtherAccess = new FsPermission(FsAction.ALL, FsAction.ALL, FsAction.NONE);
  Path file = createFile(fileSystem, noOtherAccess);
  UserGroupInformation stranger = ugiInvalidUserInvalidGroups();
  HdfsUtils.checkFileAccess(
      fileSystem, fileSystem.getFileStatus(file), FsAction.EXECUTE, stranger);
}
/**
 * Owner class denied (NONE / ALL / ALL): the user from {@code SecurityUtils.getUGI()} must be
 * refused WRITE even though group and other grant it. Assumes {@code createFile} produces a
 * file owned by that user.
 */
@Test(expected = AccessControlException.class)
public void userNoWrite() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission noOwnerAccess = new FsPermission(FsAction.NONE, FsAction.ALL, FsAction.ALL);
  Path file = createFile(fileSystem, noOwnerAccess);
  UserGroupInformation owner = SecurityUtils.getUGI();
  HdfsUtils.checkFileAccess(fileSystem, fileSystem.getFileStatus(file), FsAction.WRITE, owner);
}
/**
 * Group class denied (ALL / NONE / ALL): a group member must be refused EXECUTE even though
 * the "other" class grants it.
 */
@Test(expected = AccessControlException.class)
public void groupNoExecute() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission noGroupAccess = new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.ALL);
  Path file = createFile(fileSystem, noGroupAccess);
  UserGroupInformation groupMember = ugiInvalidUserValidGroups();
  HdfsUtils.checkFileAccess(
      fileSystem, fileSystem.getFileStatus(file), FsAction.EXECUTE, groupMember);
}
/**
 * Other class denied (ALL / ALL / NONE): a caller that, going by the helper's name, matches
 * neither owner nor group must be refused READ.
 */
@Test(expected = AccessControlException.class)
public void otherNoRead() throws IOException, LoginException {
  FileSystem fileSystem = FileSystem.get(makeConf());
  FsPermission noOtherAccess = new FsPermission(FsAction.ALL, FsAction.ALL, FsAction.NONE);
  Path file = createFile(fileSystem, noOtherAccess);
  UserGroupInformation stranger = ugiInvalidUserInvalidGroups();
  HdfsUtils.checkFileAccess(
      fileSystem, fileSystem.getFileStatus(file), FsAction.READ, stranger);
}
/**
 * Answers whether the current user is considered able to write to {@code path}.
 *
 * <p>Returns {@code true} when {@code storageAuthCheck} is disabled, when the path does not
 * exist, or when {@code HdfsUtils.checkFileAccess} accepts {@code FsAction.WRITE}. Returns
 * {@code false} for a {@code null} path and for any other exception raised during the check.
 *
 * <p>NOTE(review): the "does not exist" branch grants without looking at the parent
 * directory, and the check-then-use gap means the result can be stale. Use it as a hint only;
 * enforcement has to come from the filesystem when the write actually happens.
 *
 * <p>NOTE(review): refusals are logged at debug level only, so they will normally not appear
 * in production logs.
 *
 * @param path location to test; may be {@code null}
 * @return {@code true} if the path is considered writable, {@code false} otherwise
 * @throws IOException declared on the signature; failures inside the check are caught here
 */
public boolean isWritable(Path path) throws IOException {
  if (!storageAuthCheck) {
    // No checks for non-secure Hadoop installations.
    return true;
  }
  if (path == null) {
    // Nothing to check against.
    return false;
  }
  boolean writable;
  try {
    final FileSystem targetFs = getFs(path);
    final FileStatus status = targetFs.getFileStatus(path);
    HdfsUtils.checkFileAccess(targetFs, status, FsAction.WRITE);
    writable = true;
  } catch (FileNotFoundException notFound) {
    // The file named by path does not exist; there is nothing to validate.
    writable = true;
  } catch (Exception failure) {
    // Every other exception is treated as coming from an unauthorized access.
    if (LOG.isDebugEnabled()) {
      LOG.debug("Exception when checking if path (" + path + ")", failure);
    }
    writable = false;
  }
  return writable;
}