HADOOP-10270. getfacl does not display effective permissions of masked entries. Contributed by Chris Nauroth.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/HDFS-4685@1563219 13f79535-47bb-0310-9956-ffa450edef68
parent
c654c2e8b9
commit
d5f4f76a23
|
@ -116,6 +116,7 @@ class AclCommands extends FsCommand {
|
|||
.build());
|
||||
|
||||
// Print all extended access ACL entries.
|
||||
boolean hasAccessAcl = false;
|
||||
Iterator<AclEntry> entryIter = entries.iterator();
|
||||
AclEntry curEntry = null;
|
||||
while (entryIter.hasNext()) {
|
||||
|
@ -123,13 +124,15 @@ class AclCommands extends FsCommand {
|
|||
if (curEntry.getScope() == AclEntryScope.DEFAULT) {
|
||||
break;
|
||||
}
|
||||
out.println(curEntry);
|
||||
hasAccessAcl = true;
|
||||
printExtendedAclEntry(curEntry, perm.getGroupAction());
|
||||
}
|
||||
|
||||
// Print mask entry implied by group permission bits.
|
||||
// Print mask entry implied by group permission bits, or print group entry
|
||||
// if there is no access ACL (only default ACL).
|
||||
out.println(new AclEntry.Builder()
|
||||
.setScope(AclEntryScope.ACCESS)
|
||||
.setType(AclEntryType.MASK)
|
||||
.setType(hasAccessAcl ? AclEntryType.MASK : AclEntryType.GROUP)
|
||||
.setPermission(perm.getGroupAction())
|
||||
.build());
|
||||
|
||||
|
@ -143,9 +146,35 @@ class AclCommands extends FsCommand {
|
|||
// Print default ACL entries.
|
||||
if (curEntry != null && curEntry.getScope() == AclEntryScope.DEFAULT) {
|
||||
out.println(curEntry);
|
||||
// ACL sort order guarantees default mask is the second-to-last entry.
|
||||
FsAction maskPerm = entries.get(entries.size() - 2).getPermission();
|
||||
while (entryIter.hasNext()) {
|
||||
printExtendedAclEntry(entryIter.next(), maskPerm);
|
||||
}
|
||||
}
|
||||
while (entryIter.hasNext()) {
|
||||
out.println(entryIter.next());
|
||||
}
|
||||
|
||||
/**
|
||||
* Prints a single extended ACL entry. If the mask restricts the
|
||||
* permissions of the entry, then also prints the restricted version as the
|
||||
* effective permissions. The mask applies to all named entries and also
|
||||
* the unnamed group entry.
|
||||
*
|
||||
* @param entry AclEntry extended ACL entry to print
|
||||
* @param maskPerm FsAction permissions in the ACL's mask entry
|
||||
*/
|
||||
private void printExtendedAclEntry(AclEntry entry, FsAction maskPerm) {
|
||||
if (entry.getName() != null || entry.getType() == AclEntryType.GROUP) {
|
||||
FsAction entryPerm = entry.getPermission();
|
||||
FsAction effectivePerm = entryPerm.and(maskPerm);
|
||||
if (entryPerm != effectivePerm) {
|
||||
out.println(String.format("%-31s #effective:%s", entry,
|
||||
effectivePerm.SYMBOL));
|
||||
} else {
|
||||
out.println(entry);
|
||||
}
|
||||
} else {
|
||||
out.println(entry);
|
||||
}
|
||||
}
|
||||
|
||||
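Review bot: The default-mask lookup `entries.get(entries.size() - 2)` in the default-ACL branch of the third hunk trusts list position instead of checking the entry's scope and type. The comment states the sort-order guarantee, but nothing in the visible code enforces it. If the list ever arrives with a single default entry or in another order (the producer of `entries` is outside this hunk, so this is an assumption), getfacl would throw or print `#effective` values computed from the wrong entry, which misleads anyone auditing permissions. Selecting the mask by `AclEntryScope.DEFAULT` and `AclEntryType.MASK`, and printing entries unmodified when no mask is found, removes that dependency. The enclosing method starts outside the hunk.

```java
        out.println(curEntry);
        // Locate the default mask by scope and type rather than by position.
        FsAction maskPerm = null;
        for (AclEntry candidate : entries) {
          if (candidate.getScope() == AclEntryScope.DEFAULT
              && candidate.getType() == AclEntryType.MASK) {
            maskPerm = candidate.getPermission();
            break;
          }
        }
        while (entryIter.hasNext()) {
          AclEntry defaultEntry = entryIter.next();
          if (maskPerm != null) {
            printExtendedAclEntry(defaultEntry, maskPerm);
          } else {
            // No default mask found: print the entry without an effective column.
            out.println(defaultEntry);
          }
        }
        // … unchanged: end of default-ACL branch, printExtendedAclEntry …
```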
|
|
|
@ -70,3 +70,6 @@ HDFS-4685 (Unreleased)
|
|||
|
||||
HDFS-5849. Removing ACL from an inode fails if it has only a default ACL.
|
||||
(cnauroth)
|
||||
|
||||
HADOOP-10270. getfacl does not display effective permissions of masked
|
||||
entries. (cnauroth)
|
||||
|
|
|
@ -756,5 +756,135 @@
|
|||
</comparator>
|
||||
</comparators>
|
||||
</test>
|
||||
<test>
|
||||
<description>getfacl: only default ACL</description>
|
||||
<test-commands>
|
||||
<command>-fs NAMENODE -mkdir /dir1</command>
|
||||
<command>-fs NAMENODE -setfacl -m default:user:charlie:rwx /dir1</command>
|
||||
<command>-fs NAMENODE -getfacl /dir1</command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<command>-fs NAMENODE -rm -R /dir1</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output># file: /dir1</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output># owner: USERNAME</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output># group: supergroup</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>user::rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>group::r-x</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>other::r-x</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:user::rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:user:charlie:rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:group::r-x</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:mask::rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:other::r-x</expected-output>
|
||||
</comparator>
|
||||
</comparators>
|
||||
</test>
|
||||
<test>
|
||||
<description>getfacl: effective permissions</description>
|
||||
<test-commands>
|
||||
<command>-fs NAMENODE -mkdir /dir1</command>
|
||||
<command>-fs NAMENODE -setfacl -m user:charlie:rwx,group::-wx,group:sales:rwx,mask::r-x,default:user:charlie:rwx,default:group::r-x,default:group:sales:rwx,default:mask::rw- /dir1</command>
|
||||
<command>-fs NAMENODE -getfacl /dir1</command>
|
||||
</test-commands>
|
||||
<cleanup-commands>
|
||||
<command>-fs NAMENODE -rm -R /dir1</command>
|
||||
</cleanup-commands>
|
||||
<comparators>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output># file: /dir1</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output># owner: USERNAME</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output># group: supergroup</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>user::rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>RegexpComparator</type>
|
||||
<expected-output>^user:charlie:rwx\s+#effective:r-x$</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>RegexpComparator</type>
|
||||
<expected-output>^group::-wx\s+#effective:--x$</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>RegexpComparator</type>
|
||||
<expected-output>^group:sales:rwx\s+#effective:r-x$</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>mask::r-x</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>other::r-x</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:user::rwx</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>RegexpComparator</type>
|
||||
<expected-output>^default:user:charlie:rwx\s+#effective:rw-$</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>RegexpComparator</type>
|
||||
<expected-output>^default:group::r-x\s+#effective:r--$</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>RegexpComparator</type>
|
||||
<expected-output>^default:group:sales:rwx\s+#effective:rw-$</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:mask::rw-</expected-output>
|
||||
</comparator>
|
||||
<comparator>
|
||||
<type>SubstringComparator</type>
|
||||
<expected-output>default:other::r-x</expected-output>
|
||||
</comparator>
|
||||
</comparators>
|
||||
</test>
|
||||
</tests>
|
||||
</configuration>
|
||||
</configuration>
|
||||
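Review bot: In the "getfacl: only default ACL" test, the `SubstringComparator` for `group::r-x` cannot fail on the behaviour this commit changes, because the expected output also contains `default:group::r-x`, which satisfies the same substring. The test would therefore appear to still pass if the access entry were printed with the mask type again. Anchoring it the way the second test anchors its effective-permission lines, `<type>RegexpComparator</type>` with `<expected-output>^group::r-x$</expected-output>`, pins the access-scope line. The `user::rwx` and `other::r-x` substring checks in both tests are shadowed by their `default:` counterparts in the same way.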
|
|