From 19627e5897388dadb85bee5f022ee195d189844b Mon Sep 17 00:00:00 2001 From: Vinayakumar B Date: Wed, 10 Dec 2014 08:27:15 +0530 Subject: [PATCH] HDFS-7481. Add ACL indicator to the 'Permission Denied' exception. (Contributed by Vinayakumar B ) (cherry picked from commit d93f3b9815f90d24c838574a56013e6dc60dc5ad) --- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++ .../hdfs/server/namenode/FSPermissionChecker.java | 11 ++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index a04e7cc1ecd..2496083b66c 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -301,6 +301,9 @@ Release 2.7.0 - UNRELEASED HDFS-7473. Document setting dfs.namenode.fs-limits.max-directory-items to 0 is invalid. (Akira AJISAKA via cnauroth) + HDFS-7481. Add ACL indicator to the "Permission Denied" exception. + (vinayakumarb) + Release 2.6.1 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java index 8de8c54bfc5..050848492d4 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java @@ -47,6 +47,12 @@ class FSPermissionChecker { /** @return a string for throwing {@link AccessControlException} */ private String toAccessControlString(INode inode, int snapshotId, FsAction access, FsPermission mode) { + return toAccessControlString(inode, snapshotId, access, mode, false); + } + + /** @return a string for throwing {@link AccessControlException} */ + private String toAccessControlString(INode inode, int snapshotId, FsAction access, + FsPermission mode, boolean deniedFromAcl) { StringBuilder sb = new StringBuilder("Permission denied: ") .append("user=").append(user).append(", ") .append("access=").append(access).append(", ") @@ -55,6 +61,9 @@ class FSPermissionChecker { .append(inode.getGroupName(snapshotId)).append(':') .append(inode.isDirectory() ? 'd' : '-') .append(mode); + if (deniedFromAcl) { + sb.append("+"); + } return sb.toString(); } @@ -338,7 +347,7 @@ class FSPermissionChecker { } throw new AccessControlException( - toAccessControlString(inode, snapshotId, access, mode)); + toAccessControlString(inode, snapshotId, access, mode, true)); } /** Guarded by {@link FSNamesystem#readLock()} */