diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/FSUtils.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/FSUtils.java index ca1f9383cf7..2c85727776d 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/FSUtils.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/FSUtils.java @@ -57,7 +57,6 @@ import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.FileUtil; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.PathFilter; -import org.apache.hadoop.fs.permission.FsAction; import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.hbase.ClusterId; import org.apache.hadoop.hbase.HColumnDescriptor; @@ -72,14 +71,12 @@ import org.apache.hadoop.hbase.fs.HFileSystem; import org.apache.hadoop.hbase.io.HFileLink; import org.apache.hadoop.hbase.master.HMaster; import org.apache.hadoop.hbase.regionserver.StoreFileInfo; -import org.apache.hadoop.hbase.security.AccessDeniedException; import org.apache.hadoop.hdfs.DFSClient; import org.apache.hadoop.hdfs.DFSHedgedReadMetrics; import org.apache.hadoop.hdfs.DistributedFileSystem; import org.apache.hadoop.hdfs.protocol.HdfsConstants; import org.apache.hadoop.io.IOUtils; import org.apache.hadoop.ipc.RemoteException; -import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.util.Progressable; import org.apache.hadoop.util.ReflectionUtils; import org.apache.hadoop.util.StringUtils; @@ -1546,33 +1543,6 @@ public abstract class FSUtils extends CommonFSUtils { } } - /** - * Throw an exception if an action is not permitted by a user on a file. - * - * @param ugi - * the user - * @param file - * the file - * @param action - * the action - */ - public static void checkAccess(UserGroupInformation ugi, FileStatus file, - FsAction action) throws AccessDeniedException { - if (ugi.getShortUserName().equals(file.getOwner())) { - if (file.getPermission().getUserAction().implies(action)) { - return; - } - } else if (ArrayUtils.contains(ugi.getGroupNames(), file.getGroup())) { - if (file.getPermission().getGroupAction().implies(action)) { - return; - } - } else if (file.getPermission().getOtherAction().implies(action)) { - return; - } - throw new AccessDeniedException("Permission denied:" + " action=" + action - + " path=" + file.getPath() + " user=" + ugi.getShortUserName()); - } - /** * This function is to scan the root path of the file system to get the * degree of locality for each region on each of the servers having at least diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/HBaseFsck.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/HBaseFsck.java index 204b3992b83..c3472134b35 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/util/HBaseFsck.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/util/HBaseFsck.java @@ -116,7 +116,6 @@ import org.apache.hadoop.hbase.replication.ReplicationException; import org.apache.hadoop.hbase.replication.ReplicationPeerDescription; import org.apache.hadoop.hbase.replication.ReplicationQueueStorage; import org.apache.hadoop.hbase.replication.ReplicationStorageFactory; -import org.apache.hadoop.hbase.security.AccessDeniedException; import org.apache.hadoop.hbase.security.UserProvider; import org.apache.hadoop.hbase.util.Bytes.ByteArrayComparator; import org.apache.hadoop.hbase.util.HbckErrorReporter.ERROR_CODE; @@ -129,6 +128,7 @@ import org.apache.hadoop.hbase.zookeeper.ZKWatcher; import org.apache.hadoop.hbase.zookeeper.ZNodePaths; import org.apache.hadoop.hdfs.protocol.AlreadyBeingCreatedException; import org.apache.hadoop.ipc.RemoteException; +import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.util.ReflectionUtils; import org.apache.hadoop.util.Tool; @@ -1934,7 +1934,7 @@ public class HBaseFsck extends Configured implements Closeable { } } - private void preCheckPermission() throws IOException, AccessDeniedException { + private void preCheckPermission() throws IOException { if (shouldIgnorePreCheckPermission()) { return; } @@ -1946,8 +1946,8 @@ public class HBaseFsck extends Configured implements Closeable { FileStatus[] files = fs.listStatus(hbaseDir); for (FileStatus file : files) { try { - FSUtils.checkAccess(ugi, file, FsAction.WRITE); - } catch (AccessDeniedException ace) { + fs.access(file.getPath(), FsAction.WRITE); + } catch (AccessControlException ace) { LOG.warn("Got AccessDeniedException when preCheckPermission ", ace); errors.reportError(ERROR_CODE.WRONG_USAGE, "Current user " + ugi.getUserName() + " does not have write perms to " + file.getPath() @@ -3790,8 +3790,6 @@ public class HBaseFsck extends Configured implements Closeable { // pre-check current user has FS write permission or not try { preCheckPermission(); - } catch (AccessDeniedException ace) { - Runtime.getRuntime().exit(-1); } catch (IOException ioe) { Runtime.getRuntime().exit(-1); }