Refine search
private HiveResourceACLs getResourceACLs(final FileSystem fs, final FileStatus stat) { String owner = stat.getOwner(); String group = stat.getGroup(); HiveResourceACLsImpl acls = new HiveResourceACLsImpl(); FsPermission permission = stat.getPermission(); if (permission.getUserAction().implies(FsAction.READ)) { acls.addUserEntry(owner, HiveResourceACLs.Privilege.SELECT, HiveResourceACLs.AccessResult.ALLOWED); } if (permission.getGroupAction().implies(FsAction.READ)) { acls.addGroupEntry(group, HiveResourceACLs.Privilege.SELECT, HiveResourceACLs.AccessResult.ALLOWED); } if (permission.getOtherAction().implies(FsAction.READ)) { acls.addGroupEntry("public", HiveResourceACLs.Privilege.SELECT, HiveResourceACLs.AccessResult.ALLOWED); } return acls; }
private void checkPermission(FileSystem fs, Path path, boolean checkWritePermission) throws Exception { FsPermission perm = fs.getFileStatus(path).getPermission(); FsAction u = perm.getUserAction(); FsAction g = perm.getGroupAction(); FsAction o = perm.getOtherAction(); boolean changed = false; if (!g.implies(FsAction.READ_EXECUTE)) { g = g.or(FsAction.READ_EXECUTE); changed = true; if (!o.implies(FsAction.READ_EXECUTE)) { o = o.or(FsAction.READ_EXECUTE); changed = true; if (!g.implies(FsAction.WRITE)) { g = g.or(FsAction.WRITE); changed = true; if (!o.implies(FsAction.WRITE)) { o = o.or(FsAction.WRITE); changed = true; FsPermission desiredPerm = new FsPermission(u, g, o); fs.setPermission(path, desiredPerm); if (!fs.getFileStatus(path).getPermission().equals(desiredPerm)) { throw new RuntimeException("Failed to set permission for " + path + " from: " + perm + " to: " + desiredPerm);
public static boolean isActionPermittedForFileHierarchy(FileSystem fs, FileStatus fileStatus, String userName, FsAction action, boolean recurse) throws Exception { boolean isDir = fileStatus.isDir(); dirActionNeeded.and(FsAction.EXECUTE); } catch (AccessControlException err) { LOG.warn("Action " + action + " denied on " + fileStatus.getPath() + " for user " + userName); return false;
/** * Apply a umask to this permission and return a new one. * * The umask is used by create, mkdir, and other Hadoop filesystem operations. * The mode argument for these operations is modified by removing the bits * which are set in the umask. Thus, the umask limits the permissions which * newly created files and directories get. * * @param umask The umask to use * * @return The effective permission */ public FsPermission applyUMask(FsPermission umask) { return new FsPermission(useraction.and(umask.useraction.not()), groupaction.and(umask.groupaction.not()), otheraction.and(umask.otheraction.not())); }
public boolean canRead(String path) throws IOException { return DFS.getFileStatus(new Path(path)).getPermission().getUserAction().implies(FsAction.READ); } };
@Override public void write(Path path, byte[] contents, String userMode, String groupMode, String otherMode) throws RestException { FSDataOutputStream fsDataOutputStream; try { FsPermission permission = null; boolean setPermissions = false; if(StringUtils.isNotEmpty(userMode) && StringUtils.isNotEmpty(groupMode) && StringUtils.isNotEmpty(otherMode)) { // invalid actions will return null FsAction userAction = FsAction.getFsAction(userMode); FsAction groupAction = FsAction.getFsAction(groupMode); FsAction otherAction = FsAction.getFsAction(otherMode); if(userAction == null || groupAction == null || otherAction == null){ throw new RestException(String.format("Invalid permission set: user[%s] " + "group[%s] other[%s]", userAction, groupAction, otherAction)); } permission = new FsPermission(userAction, groupAction, otherAction); setPermissions = true; } fsDataOutputStream = FileSystem.get(configuration).create(path, true); fsDataOutputStream.write(contents); fsDataOutputStream.close(); if(setPermissions) { FileSystem.get(configuration).setPermission(path, permission); } } catch (IOException e) { throw new RestException(e); } }
/** * Validates Git key permissions are secure on disk and throw an exception if not. * Otherwise exit out gracefully */ void verifyKeyPermissions(FileSystem fs, Path keyPath) throws IOException, ActionExecutorException{ String failedPermsWarning = "The permissions on the access key {0} are considered insecure: {1}"; FileStatus status = fs.getFileStatus(keyPath); FsPermission perms = status.getPermission(); // check standard permissioning for other's read access if (perms.getOtherAction().and(FsAction.READ) == FsAction.READ) { throw new ActionExecutorException(ActionExecutorException.ErrorType.ERROR, "GIT012", XLog .format(failedPermsWarning, keyPath, perms.toString())); } // check if any ACLs have been specified which allow others read access if (perms.getAclBit()) { List<AclEntry> aclEntries = new ArrayList<>(fs.getAclStatus(keyPath).getEntries()); for (AclEntry acl: aclEntries) { if (acl.getType() == AclEntryType.OTHER && acl.getPermission().and(FsAction.READ) == FsAction.READ) { throw new ActionExecutorException(ActionExecutorException.ErrorType.ERROR, "GIT013", XLog .format(failedPermsWarning, keyPath, perms.toString())); } } } }
static FsPermission addExecutePermissionToOwner(FsPermission fsPermission) { FsAction newOwnerAction = fsPermission.getUserAction().or(FsAction.EXECUTE); return new FsPermission(newOwnerAction, fsPermission.getGroupAction(), fsPermission.getOtherAction()); }
FileSystem.get(conf != null ? conf : new Configuration()) .getHomeDirectory().toUri().getPath()); return Response.ok(js).type(MediaType.APPLICATION_JSON).build(); cp.checkAccess(fullpath, FsAction.getFsAction(fsAction.getValue())); return Response.ok().build();
@Override protected void processPath(PathData item) throws IOException { out.println("# file: " + item); out.println("# owner: " + item.stat.getOwner()); out.println("# group: " + item.stat.getGroup()); FsPermission perm = item.stat.getPermission(); if (perm.getStickyBit()) { out.println("# flags: --" + (perm.getOtherAction().implies(FsAction.EXECUTE) ? "t" : "T")); } final AclStatus aclStatus; final List<AclEntry> entries; if (item.stat.hasAcl()) { aclStatus = item.fs.getAclStatus(item.path); entries = aclStatus.getEntries(); } else { aclStatus = null; entries = Collections.<AclEntry> emptyList(); } ScopedAclEntries scopedEntries = new ScopedAclEntries( AclUtil.getAclFromPermAndEntries(perm, entries)); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getAccessEntries()); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getDefaultEntries()); out.println(); }
protected String getPerms(final FsPermission permission) { final StringBuilder sb = new StringBuilder(); for (FsAction action : new FsAction[]{permission.getUserAction(), permission.getGroupAction(), permission.getOtherAction()}) { if (action.implies(FsAction.READ)) { sb.append("r"); } else { sb.append("-"); } if (action.implies(FsAction.WRITE)) { sb.append("w"); } else { sb.append("-"); } if (action.implies(FsAction.EXECUTE)) { sb.append("x"); } else { sb.append("-"); } } return sb.toString(); }
public void testUMaskParser() throws IOException { Configuration conf = new Configuration(); // Ensure that we get the right octal values back for all legal values for(FsAction u : FsAction.values()) { for(FsAction g : FsAction.values()) { for(FsAction o : FsAction.values()) { FsPermission f = new FsPermission(u, g, o); String asOctal = String.format("%1$03o", f.toShort()); conf.set(FsPermission.UMASK_LABEL, asOctal); FsPermission fromConf = FsPermission.getUMask(conf); assertEquals(f, fromConf); } } } }
/** * Get permission for file status. * * @param status Status. * @return Permission. */ private String permission(FileStatus status) { FsPermission perm = status.getPermission(); return "0" + perm.getUserAction().ordinal() + perm.getGroupAction().ordinal() + perm.getOtherAction().ordinal(); }
@Override public Void call() throws IOException { getFileSystem().setPermission( HadoopFileSystemPathImpl.toHadoopFileSystemPathImpl( hadoopFileSystemPath ).getRawPath(), new FsPermission( FsAction.values()[ owner ], FsAction.values()[ group ], FsAction.values()[ other ] ) ); return null; } } );
@Parameterized.Parameters(name = "{0}") public static Collection abfsCreateNonRecursiveTestData() throws Exception { /* Test Data File/Folder name, User permission, Group permission, Other Permission, Parent already exist shouldCreateSucceed, expectedExceptionIfFileCreateFails */ final Collection<Object[]> datas = new ArrayList<>(); for (FsAction g : FsAction.values()) { for (FsAction o : FsAction.values()) { datas.add(new Object[] {new FsPermission(FsAction.ALL, g, o)}); } } return datas; }
public void testFsAction() { //implies for(FsAction a : FsAction.values()) { assertTrue(ALL.implies(a)); } for(FsAction a : FsAction.values()) { assertTrue(a == NONE? NONE.implies(a): !NONE.implies(a)); } for(FsAction a : FsAction.values()) { assertTrue(a == READ_EXECUTE || a == READ || a == EXECUTE || a == NONE? READ_EXECUTE.implies(a): !READ_EXECUTE.implies(a)); } //masks assertEquals(EXECUTE, EXECUTE.and(READ_EXECUTE)); assertEquals(READ, READ.and(READ_EXECUTE)); assertEquals(NONE, WRITE.and(READ_EXECUTE)); assertEquals(READ, READ_EXECUTE.and(READ_WRITE)); assertEquals(NONE, READ_EXECUTE.and(WRITE)); assertEquals(WRITE_EXECUTE, ALL.and(WRITE_EXECUTE)); }
if (entry.getScope() == AclEntryScope.ACCESS) { FsAction entryPerm = entry.getPermission(); return entryPerm.and(permArg.getGroupAction()); } else { Preconditions.checkArgument(this.entries.contains(entry) .getPermission(); FsAction entryPerm = entry.getPermission(); return entryPerm.and(defaultMask);
@Override public String toString() { String str = useraction.SYMBOL + groupaction.SYMBOL + otheraction.SYMBOL; if(stickyBit) { StringBuilder str2 = new StringBuilder(str); str2.replace(str2.length() - 1, str2.length(), otheraction.implies(FsAction.EXECUTE) ? "t" : "T"); str = str2.toString(); } return str; }
@VisibleForTesting FsAction getFsAction(int accessGroup, FTPFile ftpFile) { FsAction action = FsAction.NONE; if (ftpFile.hasPermission(accessGroup, FTPFile.READ_PERMISSION)) { action = action.or(FsAction.READ); } if (ftpFile.hasPermission(accessGroup, FTPFile.WRITE_PERMISSION)) { action = action.or(FsAction.WRITE); } if (ftpFile.hasPermission(accessGroup, FTPFile.EXECUTE_PERMISSION)) { action = action.or(FsAction.EXECUTE); } return action; }