/**
 * Returns the {@link AclEntry} list that represents this default ACL.
 *
 * <p>An empty default ACL yields a fresh, empty {@link ArrayList}. Otherwise the list produced by
 * the superclass is returned after every entry in it has been flagged with
 * {@code setDefault(true)}.
 *
 * <p>NOTE(review): whether a mask entry is included, and whether the non-empty list is
 * modifiable, is decided by the superclass implementation, which is not visible here. Callers
 * should not assume the result is immutable.
 *
 * @return the entries of this default ACL, each marked as a default entry
 */
@Override
public List<AclEntry> getEntries() {
  if (!isEmpty()) {
    List<AclEntry> defaultEntries = super.getEntries();
    // The entries are flagged in place on the list handed back by the superclass.
    defaultEntries.forEach(entry -> entry.setDefault(true));
    return defaultEntries;
  }
  return new ArrayList<>();
}
/**
 * Derives the access ACL and the default ACL for a new child directory from this default ACL.
 *
 * <p>The child's access ACL comes from {@code generateChildFileACL(umask)}. The child's default
 * ACL is constructed from that access ACL, marked non-empty, and then has its owner, group, mode
 * and extended entries overwritten with this default ACL's own values. The umask therefore
 * reaches only the access ACL through {@code generateChildFileACL}; the inherited default ACL
 * carries this object's mode as-is.
 *
 * @param umask child's umask
 * @return a pair holding the child's access ACL (first) and default ACL (second)
 */
public Pair<AccessControlList, DefaultAccessControlList> generateChildDirACL(Short umask) {
  AccessControlList childAccessAcl = generateChildFileACL(umask);
  DefaultAccessControlList childDefaultAcl = new DefaultAccessControlList(childAccessAcl);
  childDefaultAcl.setEmpty(false);
  // Inherit ownership and permission bits from this (the parent's) default ACL.
  childDefaultAcl.mOwningUser = mOwningUser;
  childDefaultAcl.mOwningGroup = mOwningGroup;
  childDefaultAcl.mMode = mMode;
  // The child gets its own ExtendedACLEntries object built from the parent's, or none at all.
  childDefaultAcl.mExtendedEntries =
      (mExtendedEntries == null) ? null : new ExtendedACLEntries(mExtendedEntries);
  return new Pair<>(childAccessAcl, childDefaultAcl);
}
/**
 * Renders the default ACL of this file as string entries.
 *
 * @return the string entries of the default ACL, or a new empty list when no default ACL is set
 */
public List<String> convertDefaultAclToStringEntries() {
  // Deliberately not named getX: a getter-style name would be picked up by json serialization.
  if (mDefaultAcl != null) {
    return mDefaultAcl.toStringEntries();
  }
  return new ArrayList<>();
}
: newDir.getMode(); DefaultAccessControlList dAcl = currentInodeDirectory.getDefaultACL(); if (!dAcl.isEmpty()) { Pair<AccessControlList, DefaultAccessControlList> pair = dAcl.generateChildDirACL(mode); newDir.setInternalAcl(pair.getFirst()); newDir.setDefaultACL(pair.getSecond()); : newDir.getMode(); DefaultAccessControlList dAcl = currentInodeDirectory.getDefaultACL(); if (!dAcl.isEmpty()) { Pair<AccessControlList, DefaultAccessControlList> pair = dAcl.generateChildDirACL(mode); newDir.setInternalAcl(pair.getFirst()); newDir.setDefaultACL(pair.getSecond()); if (!dAcl.isEmpty()) { AccessControlList acl = dAcl.generateChildFileACL(mode); newFile.setInternalAcl(acl);
/**
 * Creates a new instance of {@link MutableInodeDirectory}.
 *
 * <p>The directory starts with no children, is not a mount point, and has its direct children
 * marked as not loaded. Its default ACL is constructed from {@code mAcl}.
 *
 * @param id the id to use
 */
private MutableInodeDirectory(long id) {
  super(id, true);
  // mAcl is presumably initialised by the superclass constructor above; confirm.
  mDefaultAcl = new DefaultAccessControlList(mAcl);
  mChildCount = 0;
  mDirectChildrenLoaded = false;
  mMountPoint = false;
}
/**
 * Builds an {@link AccessControlList} from its proto representation.
 *
 * <p>When the proto is flagged as a default ACL, a {@link DefaultAccessControlList} is created
 * and its empty flag is taken from the proto; otherwise a plain {@link AccessControlList} is
 * created. Owner, group, mode and every entry are then copied over.
 *
 * @param pAcl the proto representation
 * @return the {@link AccessControlList} instance created from the proto representation
 */
public static AccessControlList fromProto(PAcl pAcl) {
  final AccessControlList result;
  if (!pAcl.getIsDefault()) {
    result = new AccessControlList();
  } else {
    DefaultAccessControlList defaultAcl = new DefaultAccessControlList();
    defaultAcl.setEmpty(pAcl.getIsDefaultEmpty());
    result = defaultAcl;
  }

  result.setOwningUser(pAcl.getOwner());
  result.setOwningGroup(pAcl.getOwningGroup());
  // NOTE(review): the narrowing cast silently truncates a mode value that does not fit in a
  // short; the proto is assumed to carry only valid permission bits. Confirm against writers.
  result.setMode((short) pAcl.getMode());

  if (pAcl.getEntriesCount() > 0) {
    for (PAclEntry protoEntry : pAcl.getEntriesList()) {
      result.setEntry(fromProto(protoEntry));
    }
  }
  return result;
}
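/**
 * Pushes the ACL of the inode at {@code inodePath} to the under file system (UFS).
 *
 * <p>The inode's access ACL entries are sent, together with its default ACL entries when the
 * inode is a directory. For an object-storage UFS nothing is sent and a warning is logged
 * instead, so the ACL held in Alluxio and the permissions on the underlying object can differ.
 *
 * @param inodePath the locked path whose inode ACL is propagated to the UFS
 * @throws InvalidPathException presumably when the path cannot be resolved; the throwing call is
 *         not identifiable from this method alone
 * @throws AccessControlException if the UFS rejects or fails the ACL update (the underlying
 *         {@link IOException} is attached as the cause)
 */
private void setUfsAcl(LockedInodePath inodePath)
    throws InvalidPathException, AccessControlException {
  // NOTE(review): getInodeOrNull() suggests the result may be null, yet it is dereferenced below
  // without a check; this relies on the caller having verified that the inode exists. Confirm.
  Inode inode = inodePath.getInodeOrNull();

  checkUfsMode(inodePath.getUri(), OperationType.WRITE);
  MountTable.Resolution resolution = mMountTable.resolve(inodePath.getUri());
  String ufsUri = resolution.getUri().toString();
  try (CloseableResource<UnderFileSystem> ufsResource = resolution.acquireUfsResource()) {
    UnderFileSystem ufs = ufsResource.get();
    if (ufs.isObjectStorage()) {
      LOG.warn("SetACL is not supported to object storage UFS via Alluxio. " + "UFS: "
          + ufsUri + ". This has no effect on the underlying object.");
    } else {
      try {
        List<AclEntry> entries = new ArrayList<>(inode.getACL().getEntries());
        if (inode.isDirectory()) {
          entries.addAll(inode.asDirectory().getDefaultACL().getEntries());
        }
        ufs.setAclEntries(ufsUri, entries);
      } catch (IOException e) {
        // Keep the IOException as the cause so the UFS-side reason for a failed ACL update is
        // still available to whoever investigates the failure.
        throw new AccessControlException("Could not setAcl for UFS file: " + ufsUri, e);
      }
    }
  }
}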
builder.setAcl(toProto(fileInfo.getAcl())); if (!fileInfo.getDefaultAcl().equals(DefaultAccessControlList.EMPTY_DEFAULT_ACL)) { builder.setDefaultAcl(toProto(fileInfo.getDefaultAcl()));
AclEntry aclEntry = AclEntry.fromCliString(stringEntries.get(0)); if (aclEntry.isDefault()) { acl = new DefaultAccessControlList(); } else { acl = new AccessControlList(); acl = new DefaultAccessControlList();
/**
 * Verifies that the default ACL mask cannot be removed while an extended default entry exists,
 * and that it can be added and removed once the extended entry is gone.
 */
@Test
public void removeExtendedDefaultAclMask() throws Exception {
  mFileSystemMaster.createDirectory(NESTED_URI, CreateDirectoryContext
      .defaults(CreateDirectoryPOptions.newBuilder().setRecursive(true)));

  // Install an extended default entry for a named user.
  AclEntry extendedEntry = AclEntry.fromCliString("default:user:newuser:rwx");
  addAcl(NESTED_URI, extendedEntry);
  assertThat(getInfo(NESTED_URI).getDefaultAcl().getEntries(), hasItem(extendedEntry));

  // The mask entry is expected to be present alongside the extended entry.
  AclEntry defaultMask = AclEntry.fromCliString("default:mask::rwx");
  assertThat(getInfo(NESTED_URI).getDefaultAcl().getEntries(), hasItem(defaultMask));

  // Removing the mask must be rejected while the extended entry still depends on it.
  try {
    removeAcl(NESTED_URI, defaultMask);
    fail("Expected removing the mask from an extended ACL to fail");
  } catch (IOException expected) {
    assertThat(expected.getMessage(), containsString("mask"));
  }

  // Once the extended entry is removed, the mask can be added and removed freely.
  removeAcl(NESTED_URI, extendedEntry);
  addAcl(NESTED_URI, defaultMask);
  removeAcl(NESTED_URI, defaultMask);
}
/**
 * Converts a default ACL to its proto representation.
 *
 * <p>The conversion starts from the plain {@link AccessControlList} proto of the same object
 * and then sets the is-default flag and records whether the default ACL is empty.
 *
 * @param defaultAcl the default access control list to convert
 * @return the proto representation of default acl object
 */
public static PAcl toProto(DefaultAccessControlList defaultAcl) {
  // The upcast selects the overload for plain access control lists.
  return PAcl.newBuilder(toProto((AccessControlList) defaultAcl))
      .setIsDefault(true)
      .setIsDefaultEmpty(defaultAcl.isEmpty())
      .build();
}
/**
 * Applies a {@link SetAclEntry} to the inode identified by the entry's id and writes the inode
 * back to the inode store.
 *
 * <p>An unrecognized action is only logged; the inode is still written back afterwards.
 *
 * @param entry the set-ACL entry carrying the inode id, the action and the ACL entries
 */
private void apply(SetAclEntry entry) {
  // NOTE(review): get() is called without a presence check, so this relies on the inode
  // existing in the store for the given id. Confirm that callers guarantee it.
  MutableInode<?> target = mInodeStore.getMutable(entry.getId()).get();
  List<AclEntry> aclEntries = StreamUtils.map(ProtoUtils::fromProto, entry.getEntriesList());

  switch (entry.getAction()) {
    case REPLACE:
      // fully replace the acl for the path
      target.replaceAcl(aclEntries);
      break;
    case MODIFY:
      target.setAcl(aclEntries);
      break;
    case REMOVE:
      target.removeAcl(aclEntries);
      break;
    case REMOVE_ALL:
      target.removeExtendedAcl();
      break;
    case REMOVE_DEFAULT:
      // Reset the default ACL to a new one constructed from the inode's access ACL.
      target.setDefaultACL(new DefaultAccessControlList(target.getACL()));
      break;
    default:
      LOG.warn("Unrecognized acl action: " + entry.getAction());
  }

  mInodeStore.writeInode(target);
}
/**
 * Prints the path, owner and group of {@code path} as {@code #}-prefixed header lines, followed
 * by its access ACL entries and then its default ACL entries, one per line on standard output.
 *
 * @param path the path whose ACL is printed
 * @param cl the parsed command line (not read by this method)
 */
@Override
protected void runPlainPath(AlluxioURI path, CommandLine cl)
    throws AlluxioException, IOException {
  URIStatus status = mFileSystem.getStatus(path);

  System.out.println("# file: " + status.getPath());
  System.out.println("# owner: " + status.getOwner());
  System.out.println("# group: " + status.getGroup());

  // Access ACL entries come first, default ACL entries after them.
  status.getAcl().toStringEntries().forEach(System.out::println);
  List<String> defaultAclEntries = status.getDefaultAcl().toStringEntries();
  defaultAclEntries.forEach(System.out::println);
}
createDirectoryContext.setDefaultAcl(defaultAcl.getEntries());
/**
 * Prints one formatted listing line for {@code status} to standard output.
 *
 * <p>The mode string is formatted with an "extended" indicator when the access ACL has extended
 * entries or when the default ACL is non-empty.
 *
 * @param status the status of the path to print
 * @param hSize passed through to {@code formatLsString}; presumably selects human-readable sizes
 */
private void printLsString(URIStatus status, boolean hSize) {
  // detect the extended acls: the default ACL is consulted only when the access ACL reports
  // no extended entries
  boolean hasExtended = status.getAcl().hasExtended();
  if (!hasExtended) {
    hasExtended = !status.getDefaultAcl().isEmpty();
  }

  System.out.print(formatLsString(
      hSize,
      SecurityUtils.isSecurityEnabled(mFsContext.getConf()),
      status.isFolder(),
      FormatUtils.formatMode((short) status.getMode(), status.isFolder(), hasExtended),
      status.getOwner(),
      status.getGroup(),
      status.getLength(),
      status.getLastModificationTimeMs(),
      status.getInAlluxioPercentage(),
      status.getPersistenceState(),
      status.getPath(),
      mFsContext.getConf().get(PropertyKey.USER_DATE_FORMAT_PATTERN)));
}
AccessControlList ret; if (acl.hasIsDefault() && acl.getIsDefault()) { ret = new DefaultAccessControlList(); } else { ret = new AccessControlList();
/**
 * Verifies that a non-extended default ACL entry set on a directory is inherited by a newly
 * created child directory, both as an access entry and as a default entry.
 */
@Test
public void inheritNonExtendedDefaultAcl() throws Exception {
  AlluxioURI parent = new AlluxioURI("/dir");
  mFileSystemMaster.createDirectory(parent, CreateDirectoryContext.defaults());

  // Give the parent a default ACL that grants the owner write-only permission.
  final String parentDefaultEntry = "default:user::-w-";
  List<AclEntry> entriesToSet = Arrays.asList(AclEntry.fromCliString(parentDefaultEntry));
  mFileSystemMaster.setAcl(parent, SetAclAction.MODIFY, entriesToSet,
      SetAclContext.defaults());

  AlluxioURI child = new AlluxioURI("/dir/inner");
  mFileSystemMaster.createDirectory(child, CreateDirectoryContext.defaults());
  FileInfo childInfo = mFileSystemMaster.getFileInfo(child, GetStatusContext.defaults());

  // The child's access ACL must carry the owner permission from the parent's default ACL.
  List<String> childAccessEntries = childInfo.getAcl().toStringEntries();
  assertTrue(childAccessEntries.toString(), childAccessEntries.contains("user::-w-"));

  // The child's default ACL must carry the parent's default entry itself.
  List<String> childDefaultEntries = childInfo.getDefaultAcl().toStringEntries();
  assertTrue(childDefaultEntries.toString(), childDefaultEntries.contains(parentDefaultEntry));
}
/**
 * Creates a new instance of {@link alluxio.util.webui.UIFileInfo}.
 *
 * <p>All fields are copied from {@code status}. The mode string is formatted with an "extended"
 * indicator when the access ACL has extended entries or the default ACL is non-empty. The list
 * of file locations starts out empty.
 *
 * @param status underlying {@link URIStatus}
 */
public UIFileInfo(URIStatus status) {
  // detect the extended acls: the default ACL is consulted only when the access ACL reports
  // no extended entries
  boolean hasExtended = status.getAcl().hasExtended();
  if (!hasExtended) {
    hasExtended = !status.getDefaultAcl().isEmpty();
  }

  // Identity and location.
  mId = status.getFileId();
  mName = status.getName();
  mAbsolutePath = status.getPath();

  // Size and timestamps.
  mBlockSizeBytes = status.getBlockSizeBytes();
  mSize = status.getLength();
  mCreationTimeMs = status.getCreationTimeMs();
  mLastModificationTimeMs = status.getLastModificationTimeMs();

  // Storage state; "in Alluxio" means the reported percentage is exactly 100.
  mInAlluxioPercentage = status.getInAlluxioPercentage();
  mInAlluxio = (mInAlluxioPercentage == 100);
  mIsDirectory = status.isFolder();
  mPinned = status.isPinned();
  mPersistenceState = status.getPersistenceState();

  // Ownership and permissions.
  mOwner = status.getOwner();
  mGroup = status.getGroup();
  mMode = FormatUtils.formatMode((short) status.getMode(), status.isFolder(), hasExtended);

  mFileLocations = new ArrayList<>();
}
ret.mDefaultAcl = (DefaultAccessControlList) ProtoUtils.fromProto(entry.getDefaultAcl()); } else { ret.mDefaultAcl = new DefaultAccessControlList();