/**
 * Builds the attribute map that describes a single file status entry.
 *
 * <p>The map carries the file name, the absolute path of the parent directory,
 * and the {@code hdfs.*} metadata read from {@code status}: owner, group,
 * modification time, length, replication and a permission string assembled
 * from the owner, group and other actions (in that order).
 *
 * <p>Owner, group and permission values are copied from {@code status} as-is;
 * nothing in this method validates or escapes them, so consumers should treat
 * them as data reported by the file system rather than as trusted input.
 *
 * @param status the file status to describe
 * @return a new mutable map of attribute name to value
 */
private Map<String, String> createAttributes(final FileStatus status) {
  // Render the permission string first; it only depends on the status itself.
  final FsPermission mode = status.getPermission();
  final String renderedMode = getPerms(mode.getUserAction())
      + getPerms(mode.getGroupAction())
      + getPerms(mode.getOtherAction());

  final Map<String, String> result = new HashMap<>();

  // Location of the file.
  result.put(CoreAttributes.FILENAME.key(), status.getPath().getName());
  result.put(CoreAttributes.PATH.key(), getAbsolutePath(status.getPath().getParent()));

  // Ownership and access metadata.
  result.put("hdfs.owner", status.getOwner());
  result.put("hdfs.group", status.getGroup());
  result.put("hdfs.permissions", renderedMode);

  // Size, age and replication, stored as decimal strings.
  result.put("hdfs.lastModified", String.valueOf(status.getModificationTime()));
  result.put("hdfs.length", String.valueOf(status.getLen()));
  result.put("hdfs.replication", String.valueOf(status.getReplication()));

  return result;
}
/**
 * Returns a copy of the given permission with EXECUTE added to the owner action.
 *
 * <p>Group and other actions are carried over unchanged, so the change widens
 * access for the owner only.
 *
 * <p>NOTE(review): only the three action classes are passed to the constructor;
 * a sticky bit on the input, if any, is not forwarded here. Confirm that
 * dropping it is intended.
 *
 * @param fsPermission the permission to start from
 * @return a new permission whose owner action also implies EXECUTE
 */
static FsPermission addExecutePermissionToOwner(FsPermission fsPermission) {
  return new FsPermission(
      fsPermission.getUserAction().or(FsAction.EXECUTE),
      fsPermission.getGroupAction(),
      fsPermission.getOtherAction());
}
/**
 * Renders a permission as a nine-character {@code rwx} string.
 *
 * <p>The owner, group and other actions are rendered in that order; each one
 * contributes three characters, with {@code -} standing for a bit that the
 * action does not imply. Only read, write and execute are rendered; no
 * character is emitted for anything else the permission may carry.
 *
 * @param permission the permission to render
 * @return the textual form, for example {@code rwxr-x---}
 */
protected String getPerms(final FsPermission permission) {
  final FsAction[] classes = {
      permission.getUserAction(),
      permission.getGroupAction(),
      permission.getOtherAction()
  };

  final StringBuilder rendered = new StringBuilder();
  for (final FsAction granted : classes) {
    rendered.append(granted.implies(FsAction.READ) ? "r" : "-");
    rendered.append(granted.implies(FsAction.WRITE) ? "w" : "-");
    rendered.append(granted.implies(FsAction.EXECUTE) ? "x" : "-");
  }
  return rendered.toString();
}
// Append the three base ACCESS-scope entries (owner, group, other), each taking
// its permission from the matching action class of sourcePerm. No named-user,
// named-group or mask entry is added by these statements.
aclEntries.add(newAclEntry(AclEntryScope.ACCESS, AclEntryType.USER, sourcePerm.getUserAction()));
aclEntries.add(newAclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, sourcePerm.getGroupAction()));
aclEntries.add(newAclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, sourcePerm.getOtherAction()));
// Append the three base ACCESS-scope entries (owner, group, other), each taking
// its permission from the matching action class of sourcePerm. No named-user,
// named-group or mask entry is added by these statements.
aclEntries.add(newAclEntry(AclEntryScope.ACCESS, AclEntryType.USER, sourcePerm.getUserAction()));
aclEntries.add(newAclEntry(AclEntryScope.ACCESS, AclEntryType.GROUP, sourcePerm.getGroupAction()));
aclEntries.add(newAclEntry(AclEntryScope.ACCESS, AclEntryType.OTHER, sourcePerm.getOtherAction()));
/**
 * Checks whether {@code user} may perform {@code action} on the file described
 * by {@code stat}, using the owner/group/other permission bits.
 *
 * <p>Evaluation order:
 * <ol>
 *   <li>If {@code groups} contains the configured super-group, access is granted
 *       and logged without looking at the permission bits.</li>
 *   <li>Otherwise exactly one permission class is selected: owner if
 *       {@code user} equals the file owner, else group if {@code groups}
 *       contains the file group, else other. A denial in the selected class is
 *       final; the check does not fall through to a broader class.</li>
 * </ol>
 *
 * <p>The decision is based only on the {@code user} and {@code groups} values
 * supplied by the caller and on the permission bits in {@code stat}; nothing in
 * this method reads extended ACL entries or re-reads the status from {@code fs}.
 *
 * @param fs file system, used here only to obtain the configuration
 * @param stat status of the file being checked
 * @param action the action that must be permitted
 * @param user name of the user performing the action
 * @param groups groups the user belongs to; {@code null} is treated as no groups
 * @throws IOException declared by the signature; propagated from called helpers
 * @throws AccessControlException if the selected permission class does not
 *         imply {@code action}
 */
public static void checkFileAccess(FileSystem fs, FileStatus stat, FsAction action,
    String user, List<String> groups) throws IOException, AccessControlException {

  if (groups == null) {
    groups = emptyGroups;
  }

  // Super-group members bypass the permission bits entirely.
  final String superGroup = getSuperGroupName(fs.getConf());
  if (userBelongsToSuperGroup(superGroup, groups)) {
    LOG.info("User \"" + user + "\" belongs to super-group \"" + superGroup + "\". "
        + "Permission granted for action: " + action + ".");
    return;
  }

  final FsPermission mode = stat.getPermission();
  final String owningGroup = stat.getGroup();

  // Pick the single permission class that applies to this user.
  final FsAction applicable;
  if (user.equals(stat.getOwner())) {
    applicable = mode.getUserAction();
  } else if (groups.contains(owningGroup)) {
    applicable = mode.getGroupAction();
  } else {
    applicable = mode.getOtherAction();
  }

  if (!applicable.implies(action)) {
    throw new AccessControlException("action " + action + " not permitted on path "
        + stat.getPath() + " for user " + user);
  }
}
if (dirPerms.getUserAction().implies(action)) { return;
String user = ugi.getShortUserName(); if (user.equals(stat.getOwner())) { if (perm.getUserAction().implies(mode)) { return;
.setScope(AclEntryScope.ACCESS) .setType(AclEntryType.USER) .setPermission(perm.getUserAction()) .build());
/**
 * Verifies that a user may perform an action on a file, based on the file's
 * owner/group/other permission bits.
 *
 * <p>Exactly one permission class is consulted: owner when the user's short
 * name equals the file owner, otherwise group when the user's group names
 * contain the file group, otherwise other. A denial in the selected class is
 * final. Nothing in this method reads extended ACL entries.
 *
 * @param ugi the user
 * @param file the file
 * @param action the action
 * @throws AccessDeniedException if the selected permission class does not
 *         imply {@code action}
 */
public static void checkAccess(UserGroupInformation ugi, FileStatus file,
    FsAction action) throws AccessDeniedException {

  // Select the one permission class that applies to this user.
  final FsAction applicable;
  if (ugi.getShortUserName().equals(file.getOwner())) {
    applicable = file.getPermission().getUserAction();
  } else if (contains(ugi.getGroupNames(), file.getGroup())) {
    applicable = file.getPermission().getGroupAction();
  } else {
    applicable = file.getPermission().getOtherAction();
  }

  if (!applicable.implies(action)) {
    throw new AccessDeniedException("Permission denied:" + " action=" + action
        + " path=" + file.getPath() + " user=" + ugi.getShortUserName());
  }
}
if (!currentRootPerms.getUserAction().implies(FsAction.EXECUTE) || !currentRootPerms.getGroupAction().implies(FsAction.EXECUTE) || !currentRootPerms.getOtherAction().implies(FsAction.EXECUTE)) { fs.setPermission( this.rootdir, new FsPermission(currentRootPerms.getUserAction().or(FsAction.EXECUTE), currentRootPerms .getGroupAction().or(FsAction.EXECUTE), currentRootPerms.getOtherAction().or( FsAction.EXECUTE)));
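/**
 * Validates a user-supplied permission specification and stores it in the
 * configuration under {@code HCatConstants.HCAT_PERMS}.
 *
 * <p>Two forms are accepted after trimming: a nine-character symbolic string
 * such as {@code rwxr-x---}, or three octal digits such as {@code 750}. The
 * parsed permission must then satisfy three rules: user at least as permissive
 * as group, group at least as permissive as other, and execute present wherever
 * read or write is present.
 *
 * <p>The symbolic form is matched position by position
 * ({@code [r-][w-][x-]} three times). The previous character class
 * {@code [r,w,x,-]{9}} also admitted a literal comma and any ordering of the
 * letters, so strings such as {@code xxxxxxxxx} or {@code ,,,,,,,,,} passed the
 * syntax check and were handed to the parser.
 *
 * <p>Every failure path returns right after {@code sysExit}. That helper is
 * defined outside this block; if it ever returns instead of terminating, the
 * method must not dereference an unset permission or store a rejected value.
 *
 * @param ss session state whose error stream receives the diagnostics
 * @param conf configuration that receives the validated permission string
 * @param perms the permission specification to validate
 */
private static void validatePermissions(CliSessionState ss, HiveConf conf, String perms) {
  perms = perms.trim();

  final FsPermission fp;
  // String.matches anchors the whole input, and trim() already removed
  // surrounding whitespace, so no ^, $ or \s* is needed in the patterns.
  if (perms.matches("([r-][w-][x-]){3}")) {
    fp = FsPermission.valueOf("d" + perms);
  } else if (perms.matches("[0-7]{3}")) {
    // The leading "0" makes Short.decode read the digits as octal.
    fp = new FsPermission(Short.decode("0" + perms));
  } else {
    ss.err.println("Invalid permission specification: " + perms);
    sysExit(ss, 1);
    return;
  }

  if (!HCatUtil.validateMorePermissive(fp.getUserAction(), fp.getGroupAction())) {
    ss.err.println("Invalid permission specification: " + perms
        + " : user permissions must be more permissive than group permission ");
    sysExit(ss, 1);
    return;
  }

  if (!HCatUtil.validateMorePermissive(fp.getGroupAction(), fp.getOtherAction())) {
    ss.err.println("Invalid permission specification: " + perms
        + " : group permissions must be more permissive than other permission ");
    sysExit(ss, 1);
    return;
  }

  if ((!HCatUtil.validateExecuteBitPresentIfReadOrWrite(fp.getUserAction()))
      || (!HCatUtil.validateExecuteBitPresentIfReadOrWrite(fp.getGroupAction()))
      || (!HCatUtil.validateExecuteBitPresentIfReadOrWrite(fp.getOtherAction()))) {
    ss.err.println("Invalid permission specification: " + perms
        + " : permissions must have execute permissions if read or write permissions are specified ");
    sysExit(ss, 1);
    return;
  }

  // Only a specification that passed every rule reaches the configuration.
  conf.set(HCatConstants.HCAT_PERMS, "d" + fp.toString());
}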
// Split the permission into its three action classes: owner, group and other.
FsAction user = permission.getUserAction();
FsAction group = permission.getGroupAction();
FsAction other = permission.getOtherAction();
private void checkPermission(FileSystem fs, Path path, boolean checkWritePermission) throws Exception { FsPermission perm = fs.getFileStatus(path).getPermission(); FsAction u = perm.getUserAction(); FsAction g = perm.getGroupAction(); FsAction o = perm.getOtherAction();
/**
 * Formats the permission of a file status as a four-character string: the
 * literal {@code 0} followed by one digit each for owner, group and other.
 *
 * <p>Each digit is the enum ordinal of the corresponding action.
 * NOTE(review): this relies on the action enum being declared in octal order
 * (ordinal equals the octal value); confirm against the enum declaration.
 * The leading character is always {@code 0}, so a sticky bit on the
 * permission, if any, is not represented in the result.
 *
 * @param status Status.
 * @return Permission.
 */
private String permission(FileStatus status) {
  FsPermission mode = status.getPermission();

  StringBuilder octal = new StringBuilder("0");
  octal.append(mode.getUserAction().ordinal());
  octal.append(mode.getGroupAction().ordinal());
  octal.append(mode.getOtherAction().ordinal());

  return octal.toString();
}
/**
 * Derives resource ACLs from the permission bits of a file status.
 *
 * <p>Only the READ bit is translated: where a permission class implies READ,
 * a SELECT / ALLOWED entry is added. Owner READ becomes a user entry for the
 * file owner, group READ becomes a group entry for the file group, and other
 * READ becomes a group entry named {@code "public"}. Write and execute bits
 * produce no entries, and nothing here reads extended ACL entries.
 *
 * @param fs file system; not used by the visible code
 * @param stat status whose owner, group and permission are translated
 * @return the ACLs derived from the permission bits; empty when no class
 *         implies READ
 */
private HiveResourceACLs getResourceACLs(final FileSystem fs, final FileStatus stat) {
  final HiveResourceACLs.Privilege select = HiveResourceACLs.Privilege.SELECT;
  final HiveResourceACLs.AccessResult allowed = HiveResourceACLs.AccessResult.ALLOWED;

  String fileOwner = stat.getOwner();
  String fileGroup = stat.getGroup();
  HiveResourceACLsImpl result = new HiveResourceACLsImpl();
  FsPermission mode = stat.getPermission();

  if (mode.getUserAction().implies(FsAction.READ)) {
    result.addUserEntry(fileOwner, select, allowed);
  }
  if (mode.getGroupAction().implies(FsAction.READ)) {
    result.addGroupEntry(fileGroup, select, allowed);
  }
  // World-readable files are reported through the pseudo-group "public".
  if (mode.getOtherAction().implies(FsAction.READ)) {
    result.addGroupEntry("public", select, allowed);
  }
  return result;
}
/**
 * Converts permission bits into the smallest ACL that expresses them.
 *
 * <p>All three entries use the ACCESS scope and carry no name, so the result
 * grants nothing beyond what the owner, group and other bits already grant.
 *
 * @param perm FsPermission to translate
 * @return a new list of exactly 3 entries, in the order owner, group, other
 */
public static List<AclEntry> getMinimalAcl(FsPermission perm) {
  final AclEntry ownerEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(perm.getUserAction())
      .build();

  final AclEntry groupEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.GROUP)
      .setPermission(perm.getGroupAction())
      .build();

  final AclEntry otherEntry = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.OTHER)
      .setPermission(perm.getOtherAction())
      .build();

  return Lists.newArrayList(ownerEntry, groupEntry, otherEntry);
}
/**
 * Pins a file by setting the sticky bit on its path.
 *
 * <p>The current owner, group and other actions are read from the file status
 * and written back unchanged together with the sticky bit. The read and the
 * write are two separate file-system calls, so a permission change made by
 * another party between them would be overwritten by the values read here.
 *
 * @param localFS local file system
 * @param path path to be pinned with sticky bit
 * @throws IOException propagated from the status lookup or the permission update
 */
public void setPinning(LocalFileSystem localFS, Path path) throws IOException {
  final FsPermission current = localFS.getFileStatus(path).getPermission();
  final FsPermission pinned = new FsPermission(
      current.getUserAction(),
      current.getGroupAction(),
      current.getOtherAction(),
      true); // sticky bit on
  localFS.setPermission(path, pinned);
}
/**
 * Checks whether the current user may access a file in the requested mode,
 * using the file's owner/group/other permission bits.
 *
 * <p>The user and group names come from
 * {@code UserGroupInformation.getCurrentUser()}. Exactly one permission class
 * is consulted: owner when the short user name equals the file owner,
 * otherwise group when the user's groups contain the file group, otherwise
 * other. A denial in the selected class is final. Nothing in this method reads
 * extended ACL entries.
 *
 * @param stat status of the file being checked
 * @param mode the access mode that must be permitted
 * @throws Exception if the selected permission class does not imply
 *         {@code mode}; the message lists user, path, owner, group and
 *         permission. Also covers anything thrown while resolving the current user.
 */
private static void checkHdfsAccessPermissions(FileStatus stat, FsAction mode)
    throws Exception {
  FsPermission bits = stat.getPermission();
  UserGroupInformation current = UserGroupInformation.getCurrentUser();
  String userName = current.getShortUserName();
  List<String> memberOf = Arrays.asList(current.getGroupNames());

  // Select the one permission class that applies to the current user.
  final FsAction applicable;
  if (userName.equals(stat.getOwner())) {
    applicable = bits.getUserAction();
  } else if (memberOf.contains(stat.getGroup())) {
    applicable = bits.getGroupAction();
  } else {
    applicable = bits.getOtherAction();
  }

  if (applicable.implies(mode)) {
    return;
  }

  throw new Exception(String.format("Permission denied: user=%s, path=\"%s\":%s:%s:%s%s",
      userName, stat.getPath(), stat.getOwner(), stat.getGroup(),
      stat.isDirectory() ? "d" : "-", bits));
}
/**
 * Builds a permission status that combines the user and group names of
 * {@code perm} with the permission bits of {@code parentPerm}, after adding
 * WRITE and EXECUTE to the owner action.
 *
 * <p>Only the owner class is widened; the parent's group and other actions are
 * copied unchanged. The permission bits of {@code perm} itself are not used.
 *
 * @param parentPerm status whose permission bits are the starting point
 * @param perm status that supplies the user name and group name
 * @return a new status with the widened owner action
 */
private static PermissionStatus addImplicitUwx(PermissionStatus parentPerm,
    PermissionStatus perm) {
  final FsPermission inherited = parentPerm.getPermission();

  // Owner gains write+execute; group and other stay exactly as on the parent.
  final FsAction ownerWithWx = inherited.getUserAction().or(FsAction.WRITE_EXECUTE);
  final FsPermission widened = new FsPermission(
      ownerWithWx, inherited.getGroupAction(), inherited.getOtherAction());

  return new PermissionStatus(perm.getUserName(), perm.getGroupName(), widened);
}