/** * Creates an AclFeature from the given ACL entries. * * @param accessEntries List<AclEntry> access ACL entries * @param defaultEntries List<AclEntry> default ACL entries * @return AclFeature containing the required ACL entries */ private static AclFeature createAclFeature(List<AclEntry> accessEntries, List<AclEntry> defaultEntries) { // Pre-allocate list size for the explicit entries stored in the feature, // which is all entries minus the 3 entries implicitly stored in the // permission bits. List<AclEntry> featureEntries = Lists.newArrayListWithCapacity( (accessEntries.size() - 3) + defaultEntries.size()); // For the access ACL, the feature only needs to hold the named user and // group entries. For a correctly sorted ACL, these will be in a // predictable range. if (!AclUtil.isMinimalAcl(accessEntries)) { featureEntries.addAll( accessEntries.subList(1, accessEntries.size() - 2)); } // Add all default entries to the feature. featureEntries.addAll(defaultEntries); return new AclFeature(AclEntryStatusFormat.toInt(featureEntries)); }
@Override protected void processPath(PathData item) throws IOException { out.println("# file: " + item); out.println("# owner: " + item.stat.getOwner()); out.println("# group: " + item.stat.getGroup()); FsPermission perm = item.stat.getPermission(); if (perm.getStickyBit()) { out.println("# flags: --" + (perm.getOtherAction().implies(FsAction.EXECUTE) ? "t" : "T")); } AclStatus aclStatus = item.fs.getAclStatus(item.path); List<AclEntry> entries = perm.getAclBit() ? aclStatus.getEntries() : Collections.<AclEntry> emptyList(); ScopedAclEntries scopedEntries = new ScopedAclEntries( AclUtil.getAclFromPermAndEntries(perm, entries)); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getAccessEntries()); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getDefaultEntries()); out.println(); }
/** * Creates an AclFeature from the given ACL entries. * * @param accessEntries List<AclEntry> access ACL entries * @param defaultEntries List<AclEntry> default ACL entries * @return AclFeature containing the required ACL entries */ private static AclFeature createAclFeature(List<AclEntry> accessEntries, List<AclEntry> defaultEntries) { // Pre-allocate list size for the explicit entries stored in the feature, // which is all entries minus the 3 entries implicitly stored in the // permission bits. List<AclEntry> featureEntries = Lists.newArrayListWithCapacity( (accessEntries.size() - 3) + defaultEntries.size()); // For the access ACL, the feature only needs to hold the named user and // group entries. For a correctly sorted ACL, these will be in a // predictable range. if (!AclUtil.isMinimalAcl(accessEntries)) { featureEntries.addAll( accessEntries.subList(1, accessEntries.size() - 2)); } // Add all default entries to the feature. featureEntries.addAll(defaultEntries); return new AclFeature(ImmutableList.copyOf(featureEntries)); }
@Override protected void processPath(PathData item) throws IOException { out.println("# file: " + item); out.println("# owner: " + item.stat.getOwner()); out.println("# group: " + item.stat.getGroup()); FsPermission perm = item.stat.getPermission(); if (perm.getStickyBit()) { out.println("# flags: --" + (perm.getOtherAction().implies(FsAction.EXECUTE) ? "t" : "T")); } List<AclEntry> entries = perm.getAclBit() ? item.fs.getAclStatus(item.path).getEntries() : Collections.<AclEntry>emptyList(); ScopedAclEntries scopedEntries = new ScopedAclEntries( AclUtil.getAclFromPermAndEntries(perm, entries)); printAclEntriesForSingleScope(scopedEntries.getAccessEntries()); printAclEntriesForSingleScope(scopedEntries.getDefaultEntries()); out.println(); }
@Override protected void processPath(PathData item) throws IOException { out.println("# file: " + item); out.println("# owner: " + item.stat.getOwner()); out.println("# group: " + item.stat.getGroup()); FsPermission perm = item.stat.getPermission(); if (perm.getStickyBit()) { out.println("# flags: --" + (perm.getOtherAction().implies(FsAction.EXECUTE) ? "t" : "T")); } AclStatus aclStatus = null; List<AclEntry> entries = null; if (perm.getAclBit()) { aclStatus = item.fs.getAclStatus(item.path); entries = aclStatus.getEntries(); } else { aclStatus = null; entries = Collections.<AclEntry> emptyList(); } ScopedAclEntries scopedEntries = new ScopedAclEntries( AclUtil.getAclFromPermAndEntries(perm, entries)); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getAccessEntries()); printAclEntriesForSingleScope(aclStatus, perm, scopedEntries.getDefaultEntries()); out.println(); }
@Override public AclStatus getAclStatus(Path path) throws IOException { checkPathIsSlash(path); return new AclStatus.Builder().owner(ugi.getUserName()) .group(ugi.getGroupNames()[0]) .addEntries(AclUtil.getMinimalAcl(PERMISSION_555)) .stickyBit(false).build(); }
@Test public void testInternalGetAclStatus() throws IOException { final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser(); AclStatus aclStatus = fsView.getAclStatus(new Path("/internalDir")); assertEquals(aclStatus.getOwner(), currentUser.getUserName()); assertEquals(aclStatus.getGroup(), currentUser.getGroupNames()[0]); assertEquals(aclStatus.getEntries(), AclUtil.getMinimalAcl(PERMISSION_555)); assertFalse(aclStatus.isStickyBit()); }
@Test public void testInternalGetAclStatus() throws IOException { final UserGroupInformation currentUser = UserGroupInformation.getCurrentUser(); AclStatus aclStatus = fcView.getAclStatus(new Path("/internalDir")); assertEquals(aclStatus.getOwner(), currentUser.getUserName()); assertEquals(aclStatus.getGroup(), currentUser.getGroupNames()[0]); assertEquals(aclStatus.getEntries(), AclUtil.getMinimalAcl(PERMISSION_555)); assertFalse(aclStatus.isStickyBit()); }
@Override public AclStatus getAclStatus(Path path) throws IOException { checkPathIsSlash(path); return new AclStatus.Builder().owner(ugi.getShortUserName()) .group(ugi.getPrimaryGroupName()) .addEntries(AclUtil.getMinimalAcl(PERMISSION_555)) .stickyBit(false).build(); }
/** * Preserve the attributes of the source to the target. * The method calls {@link #shouldPreserve(FileAttribute)} to check what * attribute to preserve. * @param src source to preserve * @param target where to preserve attributes * @param preserveRawXAttrs true if raw.* xattrs should be preserved * @throws IOException if fails to preserve attributes */ protected void preserveAttributes(PathData src, PathData target, boolean preserveRawXAttrs) throws IOException { if (shouldPreserve(FileAttribute.TIMESTAMPS)) { target.fs.setTimes( target.path, src.stat.getModificationTime(), src.stat.getAccessTime()); } if (shouldPreserve(FileAttribute.OWNERSHIP)) { target.fs.setOwner( target.path, src.stat.getOwner(), src.stat.getGroup()); } if (shouldPreserve(FileAttribute.PERMISSION) || shouldPreserve(FileAttribute.ACL)) { target.fs.setPermission( target.path, src.stat.getPermission()); } if (shouldPreserve(FileAttribute.ACL)) { FsPermission perm = src.stat.getPermission(); if (perm.getAclBit()) { List<AclEntry> srcEntries = src.fs.getAclStatus(src.path).getEntries(); List<AclEntry> srcFullEntries = AclUtil.getAclFromPermAndEntries(perm, srcEntries); target.fs.setAcl(target.path, srcFullEntries); } } final boolean preserveXAttrs = shouldPreserve(FileAttribute.XATTR); if (preserveXAttrs || preserveRawXAttrs) { Map<String, byte[]> srcXAttrs = src.fs.getXAttrs(src.path); if (srcXAttrs != null) { Iterator<Entry<String, byte[]>> iter = srcXAttrs.entrySet().iterator(); while (iter.hasNext()) { Entry<String, byte[]> entry = iter.next(); final String xattrName = entry.getKey(); if (xattrName.startsWith(RAW) || preserveXAttrs) { target.fs.setXAttr(target.path, entry.getKey(), entry.getValue()); } } } } }
/** * If a default ACL is defined on a parent directory, then copies that default * ACL to a newly created child file or directory. * * @param child INode newly created child */ public static void copyINodeDefaultAcl(INode child) { INodeDirectory parent = child.getParent(); AclFeature parentAclFeature = parent.getAclFeature(); if (parentAclFeature == null || !(child.isFile() || child.isDirectory())) { return; } // Split parent's entries into access vs. default. List<AclEntry> featureEntries = getEntriesFromAclFeature(parent .getAclFeature()); ScopedAclEntries scopedEntries = new ScopedAclEntries(featureEntries); List<AclEntry> parentDefaultEntries = scopedEntries.getDefaultEntries(); // The parent may have an access ACL but no default ACL. If so, exit. if (parentDefaultEntries.isEmpty()) { return; } // Pre-allocate list size for access entries to copy from parent. List<AclEntry> accessEntries = Lists.newArrayListWithCapacity( parentDefaultEntries.size()); FsPermission childPerm = child.getFsPermission(); // Copy each default ACL entry from parent to new child's access ACL. boolean parentDefaultIsMinimal = AclUtil.isMinimalAcl(parentDefaultEntries); for (AclEntry entry: parentDefaultEntries) { AclEntryType type = entry.getType(); String name = entry.getName(); AclEntry.Builder builder = new AclEntry.Builder() .setScope(AclEntryScope.ACCESS) .setType(type) .setName(name); // The child's initial permission bits are treated as the mode parameter, // which can filter copied permission values for owner, mask and other. final FsAction permission; if (type == AclEntryType.USER && name == null) { permission = entry.getPermission().and(childPerm.getUserAction()); } else if (type == AclEntryType.GROUP && parentDefaultIsMinimal) { // This only happens if the default ACL is a minimal ACL: exactly 3 // entries corresponding to owner, group and other. In this case, // filter the group permissions. permission = entry.getPermission().and(childPerm.getGroupAction()); } else if (type == AclEntryType.MASK) { // Group bits from mode parameter filter permission of mask entry. permission = entry.getPermission().and(childPerm.getGroupAction()); } else if (type == AclEntryType.OTHER) { permission = entry.getPermission().and(childPerm.getOtherAction()); } else { permission = entry.getPermission(); } builder.setPermission(permission); accessEntries.add(builder.build()); } // A new directory also receives a copy of the parent's default ACL. List<AclEntry> defaultEntries = child.isDirectory() ? parentDefaultEntries : Collections.<AclEntry>emptyList(); final FsPermission newPerm; if (!AclUtil.isMinimalAcl(accessEntries) || !defaultEntries.isEmpty()) { // Save the new ACL to the child. child.addAclFeature(createAclFeature(accessEntries, defaultEntries)); newPerm = createFsPermissionForExtendedAcl(accessEntries, childPerm); } else { // The child is receiving a minimal ACL. newPerm = createFsPermissionForMinimalAcl(accessEntries, childPerm); } child.setPermission(newPerm); }
/** * Reads the existing ACL of an inode. This method always returns the full * logical ACL of the inode after reading relevant data from the inode's * {@link FsPermission} and {@link AclFeature}. Note that every inode * logically has an ACL, even if no ACL has been set explicitly. If the inode * does not have an extended ACL, then the result is a minimal ACL consising of * exactly 3 entries that correspond to the owner, group and other permissions. * This method always reads the inode's current state and does not support * querying by snapshot ID. This is because the method is intended to support * ACL modification APIs, which always apply a delta on top of current state. * * @param inode INode to read * @return List<AclEntry> containing all logical inode ACL entries */ public static List<AclEntry> readINodeLogicalAcl(INode inode) { FsPermission perm = inode.getFsPermission(); AclFeature f = inode.getAclFeature(); if (f == null) { return AclUtil.getMinimalAcl(perm); } final List<AclEntry> existingAcl; // Split ACL entries stored in the feature into access vs. default. List<AclEntry> featureEntries = getEntriesFromAclFeature(f); ScopedAclEntries scoped = new ScopedAclEntries(featureEntries); List<AclEntry> accessEntries = scoped.getAccessEntries(); List<AclEntry> defaultEntries = scoped.getDefaultEntries(); // Pre-allocate list size for the explicit entries stored in the feature // plus the 3 implicit entries (owner, group and other) from the permission // bits. existingAcl = Lists.newArrayListWithCapacity(featureEntries.size() + 3); if (!accessEntries.isEmpty()) { // Add owner entry implied from user permission bits. existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS) .setType(AclEntryType.USER).setPermission(perm.getUserAction()) .build()); // Next add all named user and group entries taken from the feature. existingAcl.addAll(accessEntries); // Add mask entry implied from group permission bits. existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS) .setType(AclEntryType.MASK).setPermission(perm.getGroupAction()) .build()); // Add other entry implied from other permission bits. existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS) .setType(AclEntryType.OTHER).setPermission(perm.getOtherAction()) .build()); } else { // It's possible that there is a default ACL but no access ACL. In this // case, add the minimal access ACL implied by the permission bits. existingAcl.addAll(AclUtil.getMinimalAcl(perm)); } // Add all default entries after the access entries. existingAcl.addAll(defaultEntries); // The above adds entries in the correct order, so no need to sort here. return existingAcl; }
