[ https://issues.apache.org/jira/browse/HDFS-10455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15612810#comment-15612810 ]
Kihwal Lee commented on HDFS-10455: ----------------------------------- It broke {{TestPermission}} {noformat} Running org.apache.hadoop.security.TestPermission Tests run: 3, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 8.996 sec <<< FAILURE! - in org.apache.hadoop.security.TestPermission testFilePermission(org.apache.hadoop.security.TestPermission) Time elapsed: 5.926 sec <<< FAILURE! java.lang.AssertionError: Expected: a string starting with "User does not belong to" but: was "User user-1375012529 does not belong to nogroup at org.apache.hadoop.hdfs.server.namenode.FSDirAttrOp.setOwner(FSDirAttrOp.java:92) at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.setOwner(FSNamesystem.java:1727) at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.setOwner(NameNodeRpcServer.java:834) at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.setOwner(ClientNamenodeProtocolServerSideTranslatorPB.java:488) at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java) at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:467) at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:990) at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:845) at org.apache.hadoop.ipc.Server$RpcCall.run(Server.java:788) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1795) at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2535) " at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:20) at org.junit.Assert.assertThat(Assert.java:865) at org.junit.Assert.assertThat(Assert.java:832) at org.apache.hadoop.security.TestPermission.testNonSuperCannotChangeToOtherGroup(TestPermission.java:340) at org.apache.hadoop.security.TestPermission.testFilePermission(TestPermission.java:305) {noformat} > Logging the username when deny the setOwner operation > ----------------------------------------------------- > > Key: HDFS-10455 > URL: https://issues.apache.org/jira/browse/HDFS-10455 > Project: Hadoop HDFS > Issue Type: Bug > Components: namenode > Affects Versions: 2.7.2 > Reporter: Tianyin Xu > Assignee: Tianyin Xu > Priority: Minor > Fix For: 2.8.0, 3.0.0-alpha2 > > Attachments: HDFS-10455.000.patch, HDFS-10455.002.patch > > > The attached patch appends the user name in the logging when the setOwner > operation is denied due to insufficient permissions on this user (based on > his/her name). > The same practice is used in {{FSPermissionChecker}} such as {{checkOwner()}} > and {{checkSuperuserPrivilege()}}. > {code:title=FSDirAttrOp.java|borderStyle=solid} > if (!pc.isSuperUser()) { > if (username != null && !pc.getUser().equals(username)) { > - throw new AccessControlException("Non-super user cannot change > owner"); > + throw new AccessControlException("User " + pc.getUser() > + + " is not a super user (non-super user cannot change > owner)."); > } > if (group != null && !pc.containsGroup(group)) { > - throw new AccessControlException("User does not belong to " + > group); > + throw new AccessControlException("User " + pc.getUser() > + + " does not belong to " + group); > } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org