[
https://issues.apache.org/jira/browse/HDFS-10376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15274808#comment-15274808
]
John Zhuge commented on HDFS-10376:
-----------------------------------
After some debugging, the bogus user is passed to NN for both trunk and 2.6.
In the trunk, {{NN.checkOwner}} checks the existence of the file first before
checking permission:
{code}
void checkOwner(FSPermissionChecker pc, INodesInPath iip)
    throws AccessControlException, FileNotFoundException {
  if (iip.getLastINode() == null) {
    throw new FileNotFoundException(
        "Directory/File does not exist " + iip.getPath());
  }
  checkPermission(pc, iip, true, null, null, null, null);
}
{code}
In branch 2.6, it doesn't:
{code}
private void checkOwner(FSPermissionChecker pc, String path)
    throws AccessControlException, UnresolvedLinkException {
  checkPermission(pc, path, true, null, null, null, null);
}
{code}
The unit test calls {{setOwner}} with 2 error conditions: file doesn't exist,
user doesn't have permission. What is NN expected to do? Throw
FileNotFoundException or AccessControlException? Is there any doc or convention?
{code}
// test permissions on files that do not exist
assertFalse(userfs.exists(CHILD_FILE3));
try {
  userfs.setOwner(CHILD_FILE3, "foo", "bar");  // <<<<<<<<=======
  fail("setOwner should fail for non-exist file");
} catch (java.io.FileNotFoundException ignored) {
  LOG.info("GOOD: got " + ignored);
}
{code}
> setOwner call is not run as the specified user in TestPermission
> ----------------------------------------------------------------
>
> Key: HDFS-10376
> URL: https://issues.apache.org/jira/browse/HDFS-10376
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Yongjun Zhang
> Assignee: John Zhuge
>
> TestPermission creates a user with the following name and group:
> {code}
> final private static String USER_NAME = "user" + RAN.nextInt();
> final private static String[] GROUP_NAMES = {"group1", "group2"};
> UserGroupInformation userGroupInfo =
>     UserGroupInformation.createUserForTesting(USER_NAME, GROUP_NAMES );
>
> FileSystem userfs = DFSTestUtil.getFileSystemAs(userGroupInfo, conf);
> // make sure mkdir of a existing directory that is not owned by
> // this user does not throw an exception.
> userfs.mkdirs(CHILD_DIR1);
>
> {code}
> Supposedly
> {code}
> userfs.setOwner(CHILD_FILE3, "foo", "bar");
> {code}
> will be run as the specified user, but it seems to be run as me, who runs the
> test.
> Running as the specified user would disallow setOwner, which requires
> superuser privilege. This is not happening.
> Creating this jira for some investigation to understand whether it's indeed
> an issue.
> Thanks.
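The two check orderings quoted in the comment above, as an added example that is not Hadoop code and not part of the original message. It is a toy Java model showing which exception a non-owner gets for a nonexistent file under each ordering. The class `CheckOrderDemo`, the `AccessDenied` exception standing in for `AccessControlException`, the sample paths and users, and the rule that a missing path counts as "not owned" are all assumptions of the model.

```java
import java.io.FileNotFoundException;
import java.util.HashMap;
import java.util.Map;

// Toy model, not Hadoop code: the namespace is a map of path -> owner.
public class CheckOrderDemo {
    // Stand-in for AccessControlException (assumption of this model).
    static class AccessDenied extends Exception {
        AccessDenied(String m) { super(m); }
    }

    static final Map<String, String> OWNERS = new HashMap<>();

    // Owner check only. Assumption: a missing path counts as "not owned".
    static void checkPermission(String user, String path) throws AccessDenied {
        if (!user.equals(OWNERS.get(path))) {
            throw new AccessDenied("Permission denied: user=" + user + ", path=" + path);
        }
    }

    // Ordering quoted for trunk: existence first, then permission.
    static void existenceFirst(String user, String path)
            throws AccessDenied, FileNotFoundException {
        if (!OWNERS.containsKey(path)) {
            throw new FileNotFoundException("Directory/File does not exist " + path);
        }
        checkPermission(user, path);
    }

    // Ordering quoted for branch 2.6: permission check only.
    static void permissionOnly(String user, String path) throws AccessDenied {
        checkPermission(user, path);
    }

    // Runs one ordering and reports "allowed" or the exception class name.
    static String outcome(boolean existFirst, String user, String path) {
        try {
            if (existFirst) existenceFirst(user, path); else permissionOnly(user, path);
            return "allowed";
        } catch (Exception e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        OWNERS.put("/dir/file1", "alice");   // constructed sample data
        String[][] cases = {{"alice", "/dir/file1"}, {"bob", "/dir/file1"},
                            {"bob", "/dir/missing"}};  // last: both error conditions
        for (String[] c : cases) {
            System.out.printf("%-6s %-13s existence-first=%-21s permission-only=%s%n",
                c[0], c[1], outcome(true, c[0], c[1]), outcome(false, c[0], c[1]));
        }
    }
}
```

Only the last case, where both error conditions hold at once, gives different results: the existence-first ordering reports `FileNotFoundException`, while the permission-only ordering reports the access denial.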