From e9c7a97089dd1234a7f1782f79b1b0b190b98f39 Mon Sep 17 00:00:00 2001 From: Brahma Reddy Battula Date: Mon, 31 Oct 2016 00:22:51 +0530 Subject: [PATCH] HDFS-10455. Logging the username when deny the setOwner operation. Contributed by Rakesh R. --- .../hadoop/hdfs/server/namenode/FSDirAttrOp.java | 6 ++++-- .../org/apache/hadoop/security/TestPermission.java | 10 +++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java index 417ce017aca..a3e7f9fd150 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirAttrOp.java @@ -84,10 +84,12 @@ public class FSDirAttrOp { fsd.checkOwner(pc, iip); if (!pc.isSuperUser()) { if (username != null && !pc.getUser().equals(username)) { - throw new AccessControlException("Non-super user cannot change owner"); + throw new AccessControlException("User " + username + + " is not a super user (non-super user cannot change owner)."); } if (group != null && !pc.isMemberOfGroup(group)) { - throw new AccessControlException("User does not belong to " + group); + throw new AccessControlException( + "User " + username + " does not belong to " + group); } } unprotectedSetOwner(fsd, iip, username, group); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestPermission.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestPermission.java index e505642a9e9..813ac5a95ff 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestPermission.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/security/TestPermission.java @@ -337,7 +337,7 @@ public class TestPermission { fail("Expect ACE when a non-super user tries to change a file to a " + "group where the user does not belong."); } catch (AccessControlException e) { - assertThat(e.getMessage(), startsWith("User does not belong to")); + assertThat(e.getMessage(), startsWith("User null does not belong to")); } } @@ -371,8 +371,8 @@ public class TestPermission { userfs.setOwner(file, NOUSER, null); fail("Expect ACE when a non-super user tries to change owner"); } catch (AccessControlException e) { - assertThat(e.getMessage(), startsWith( - "Non-super user cannot change owner")); + assertThat(e.getMessage(), startsWith("User " + NOUSER + + " is not a super user (non-super user cannot change owner)")); } } @@ -397,8 +397,8 @@ public class TestPermission { fail("Expect ACE or FNFE when a non-super user tries to change owner " + "for a non-existent file"); } catch (AccessControlException e) { - assertThat(e.getMessage(), startsWith( - "Non-super user cannot change owner")); + assertThat(e.getMessage(), startsWith("User " + NOUSER + + " is not a super user (non-super user cannot change owner)")); } catch (FileNotFoundException e) { } }