HDFS-9019. Adding informative message to sticky bit permission denied exception. Contributed by Xiaoyu Yao.
(cherry picked from commit 970daaa5e4
)
This commit is contained in:
parent
a0594961de
commit
b2465690a1
|
@ -552,6 +552,9 @@ Release 2.8.0 - UNRELEASED
|
||||||
HDFS-8984. Move replication queues related methods in FSNamesystem to
|
HDFS-8984. Move replication queues related methods in FSNamesystem to
|
||||||
BlockManager. (wheat9)
|
BlockManager. (wheat9)
|
||||||
|
|
||||||
|
HDFS-9019. Adding informative message to sticky bit permission denied
|
||||||
|
exception. (xyao)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
HDFS-8026. Trace FSOutputSummer#writeChecksumChunks rather than
|
HDFS-8026. Trace FSOutputSummer#writeChecksumChunks rather than
|
||||||
|
|
|
@ -207,7 +207,7 @@ class FSPermissionChecker implements AccessControlEnforcer {
|
||||||
final INodeAttributes last = inodeAttrs[inodeAttrs.length - 1];
|
final INodeAttributes last = inodeAttrs[inodeAttrs.length - 1];
|
||||||
if (parentAccess != null && parentAccess.implies(FsAction.WRITE)
|
if (parentAccess != null && parentAccess.implies(FsAction.WRITE)
|
||||||
&& inodeAttrs.length > 1 && last != null) {
|
&& inodeAttrs.length > 1 && last != null) {
|
||||||
checkStickyBit(inodeAttrs[inodeAttrs.length - 2], last);
|
checkStickyBit(inodeAttrs[inodeAttrs.length - 2], last, path);
|
||||||
}
|
}
|
||||||
if (ancestorAccess != null && inodeAttrs.length > 1) {
|
if (ancestorAccess != null && inodeAttrs.length > 1) {
|
||||||
check(inodeAttrs, path, ancestorIndex, ancestorAccess);
|
check(inodeAttrs, path, ancestorIndex, ancestorAccess);
|
||||||
|
@ -405,8 +405,8 @@ class FSPermissionChecker implements AccessControlEnforcer {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Guarded by {@link FSNamesystem#readLock()} */
|
/** Guarded by {@link FSNamesystem#readLock()} */
|
||||||
private void checkStickyBit(INodeAttributes parent, INodeAttributes inode
|
private void checkStickyBit(INodeAttributes parent, INodeAttributes inode,
|
||||||
) throws AccessControlException {
|
String path) throws AccessControlException {
|
||||||
if (!parent.getFsPermission().getStickyBit()) {
|
if (!parent.getFsPermission().getStickyBit()) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -421,8 +421,14 @@ class FSPermissionChecker implements AccessControlEnforcer {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new AccessControlException("Permission denied by sticky bit setting:" +
|
throw new AccessControlException(String.format(
|
||||||
" user=" + getUser() + ", inode=" + inode);
|
"Permission denied by sticky bit: user=%s, path=\"%s\":%s:%s:%s%s, " +
|
||||||
|
"parent=\"%s\":%s:%s:%s%s", user,
|
||||||
|
path, inode.getUserName(), inode.getGroupName(),
|
||||||
|
inode.isDirectory() ? "d" : "-", inode.getFsPermission().toString(),
|
||||||
|
path.substring(0, path.length() - inode.toString().length() - 1 ),
|
||||||
|
parent.getUserName(), parent.getGroupName(),
|
||||||
|
parent.isDirectory() ? "d" : "-", parent.getFsPermission().toString()));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -140,6 +140,9 @@ public class TestStickyBit {
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
assertTrue(ioe instanceof AccessControlException);
|
assertTrue(ioe instanceof AccessControlException);
|
||||||
assertTrue(ioe.getMessage().contains("sticky bit"));
|
assertTrue(ioe.getMessage().contains("sticky bit"));
|
||||||
|
assertTrue(ioe.getMessage().contains("user="+user2.getUserName()));
|
||||||
|
assertTrue(ioe.getMessage().contains("path=\"" + file + "\""));
|
||||||
|
assertTrue(ioe.getMessage().contains("parent=\"" + file.getParent() + "\""));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue