[ https://issues.apache.org/jira/browse/HDFS-10376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15274808#comment-15274808 ]
John Zhuge commented on HDFS-10376: ----------------------------------- After some debugging, the bogus user is passed to NN for both trunk and 2.6. In the trunk, {{NN.checkOwner}} checks the existence of the file first before checking permission: {code} void checkOwner(FSPermissionChecker pc, INodesInPath iip) throws AccessControlException, FileNotFoundException { if (iip.getLastINode() == null) { throw new FileNotFoundException( "Directory/File does not exist " + iip.getPath()); } checkPermission(pc, iip, true, null, null, null, null); } {code} In branch 2.6, it doesn't: {code} private void checkOwner(FSPermissionChecker pc, String path) throws AccessControlException, UnresolvedLinkException { checkPermission(pc, path, true, null, null, null, null); } {code} The unit test calls {{setOwner}} with 2 error conditions: file doesn't exist, user doesn't have permission. What is NN expected to do? Throw FileNotFoundException or AccessControlException? Is there any doc or convention? {code} // test permissions on files that do not exist assertFalse(userfs.exists(CHILD_FILE3)); try { userfs.setOwner(CHILD_FILE3, "foo", "bar"); <<<<<<<<======= fail("setOwner should fail for non-exist file"); } catch (java.io.FileNotFoundException ignored) { LOG.info("GOOD: got " + ignored); } {code} > setOwner call is not run as the specified user in TestPermission > ---------------------------------------------------------------- > > Key: HDFS-10376 > URL: https://issues.apache.org/jira/browse/HDFS-10376 > Project: Hadoop HDFS > Issue Type: Bug > Reporter: Yongjun Zhang > Assignee: John Zhuge > > TestPermission create a user with the following name and group: > {code} > final private static String USER_NAME = "user" + RAN.nextInt(); > final private static String[] GROUP_NAMES = {"group1", "group2"}; > UserGroupInformation userGroupInfo = > UserGroupInformation.createUserForTesting(USER_NAME, GROUP_NAMES ); > > FileSystem userfs = DFSTestUtil.getFileSystemAs(userGroupInfo, conf); > // make sure mkdir of a existing directory that is not owned by > // this user does not throw an exception. > userfs.mkdirs(CHILD_DIR1); > > {code} > Supposedly > {code} > userfs.setOwner(CHILD_FILE3, "foo", "bar"); > {code} > will be run as the specified user, but it seems to be run as me who run the > test. > Running as the specified user would disallow setOwner, which requires > superuser privilege. This is not happening. > Creating this jira for some investigation to understand whether it's indeed > an issue. > Thanks. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org