HDFS-6741. Improve permission denied message when FSPermissionChecker#checkOwner fails. Contributed by Stephen Chu and Harsh J. (harsh)

This commit is contained in:
Harsh J 2014-10-28 12:08:26 +05:30
parent 2e156f01a2
commit 9548bb360b
4 changed files with 28 additions and 5 deletions

View File

@ -60,6 +60,9 @@ Release 2.7.0 - UNRELEASED
BUG FIXES
HDFS-6741. Improve permission denied message when
FSPermissionChecker#checkOwner fails (Stephen Chu and harsh).
HDFS-6538. Comment format error in ShortCircuitRegistry javadoc.
(David Luo via harsh).

View File

@ -198,7 +198,9 @@ class FSPermissionChecker {
if (inode != null && user.equals(inode.getUserName(snapshotId))) {
return;
}
throw new AccessControlException("Permission denied");
throw new AccessControlException(
"Permission denied. user="
+ user + " is not the owner of inode=" + inode);
}
/** Guarded by {@link FSNamesystem#readLock()} */

View File

@ -443,7 +443,11 @@ public class TestDFSPermission {
fs.access(p1, FsAction.WRITE);
fail("The access call should have failed.");
} catch (AccessControlException e) {
// expected
assertTrue("Permission denied messages must carry the username",
e.getMessage().contains(USER1_NAME));
assertTrue("Permission denied messages must carry the path parent",
e.getMessage().contains(
p1.getParent().toUri().getPath()));
}
Path badPath = new Path("/bad/bad");
@ -473,7 +477,11 @@ public class TestDFSPermission {
fs.access(p2, FsAction.EXECUTE);
fail("The access call should have failed.");
} catch (AccessControlException e) {
// expected
assertTrue("Permission denied messages must carry the username",
e.getMessage().contains(USER1_NAME));
assertTrue("Permission denied messages must carry the path parent",
e.getMessage().contains(
p2.getParent().toUri().getPath()));
}
}
@ -494,7 +502,11 @@ public class TestDFSPermission {
fs.access(p3, FsAction.READ_WRITE);
fail("The access call should have failed.");
} catch (AccessControlException e) {
// expected
assertTrue("Permission denied messages must carry the username",
e.getMessage().contains(USER1_NAME));
assertTrue("Permission denied messages must carry the path parent",
e.getMessage().contains(
p3.getParent().toUri().getPath()));
}
}

View File

@ -33,6 +33,7 @@ import static org.apache.hadoop.fs.permission.FsAction.WRITE;
import static org.apache.hadoop.fs.permission.FsAction.WRITE_EXECUTE;
import static org.apache.hadoop.hdfs.server.namenode.AclTestHelpers.aclEntry;
import static org.junit.Assert.fail;
import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.mock;
@ -41,6 +42,7 @@ import java.io.IOException;
import java.util.Arrays;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.AclEntry;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
@ -412,7 +414,11 @@ public class TestFSPermissionChecker {
fail("expected AccessControlException for user + " + user + ", path = " +
path + ", access = " + access);
} catch (AccessControlException e) {
// expected
assertTrue("Permission denied messages must carry the username",
e.getMessage().contains(user.getUserName().toString()));
assertTrue("Permission denied messages must carry the path parent",
e.getMessage().contains(
new Path(path).getParent().toUri().getPath()));
}
}