org.apache.hadoop.fs.permission.AclUtil Java Examples

The following examples show how to use org.apache.hadoop.fs.permission.AclUtil. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AclStorage.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Creates an AclFeature from the given ACL entries.
 *
 * @param accessEntries List<AclEntry> access ACL entries
 * @param defaultEntries List<AclEntry> default ACL entries
 * @return AclFeature containing the required ACL entries
 */
private static AclFeature createAclFeature(List<AclEntry> accessEntries,
    List<AclEntry> defaultEntries) {
  // Pre-allocate list size for the explicit entries stored in the feature,
  // which is all entries minus the 3 entries implicitly stored in the
  // permission bits.
  List<AclEntry> featureEntries = Lists.newArrayListWithCapacity(
    (accessEntries.size() - 3) + defaultEntries.size());

  // For the access ACL, the feature only needs to hold the named user and
  // group entries.  For a correctly sorted ACL, these will be in a
  // predictable range.
  if (!AclUtil.isMinimalAcl(accessEntries)) {
    featureEntries.addAll(
      accessEntries.subList(1, accessEntries.size() - 2));
  }

  // Add all default entries to the feature.
  featureEntries.addAll(defaultEntries);
  return new AclFeature(AclEntryStatusFormat.toInt(featureEntries));
}
 
Example #2
Source File: AclCommands.java    From hadoop with Apache License 2.0 6 votes vote down vote up
@Override
protected void processPath(PathData item) throws IOException {
  out.println("# file: " + item);
  out.println("# owner: " + item.stat.getOwner());
  out.println("# group: " + item.stat.getGroup());
  FsPermission perm = item.stat.getPermission();
  if (perm.getStickyBit()) {
    out.println("# flags: --" +
      (perm.getOtherAction().implies(FsAction.EXECUTE) ? "t" : "T"));
  }

  AclStatus aclStatus = item.fs.getAclStatus(item.path);
  List<AclEntry> entries = perm.getAclBit() ? aclStatus.getEntries()
      : Collections.<AclEntry> emptyList();
  ScopedAclEntries scopedEntries = new ScopedAclEntries(
    AclUtil.getAclFromPermAndEntries(perm, entries));
  printAclEntriesForSingleScope(aclStatus, perm,
      scopedEntries.getAccessEntries());
  printAclEntriesForSingleScope(aclStatus, perm,
      scopedEntries.getDefaultEntries());
  out.println();
}
 
Example #3
Source File: AclCommands.java    From big-c with Apache License 2.0 6 votes vote down vote up
@Override
protected void processPath(PathData item) throws IOException {
  out.println("# file: " + item);
  out.println("# owner: " + item.stat.getOwner());
  out.println("# group: " + item.stat.getGroup());
  FsPermission perm = item.stat.getPermission();
  if (perm.getStickyBit()) {
    out.println("# flags: --" +
      (perm.getOtherAction().implies(FsAction.EXECUTE) ? "t" : "T"));
  }

  AclStatus aclStatus = item.fs.getAclStatus(item.path);
  List<AclEntry> entries = perm.getAclBit() ? aclStatus.getEntries()
      : Collections.<AclEntry> emptyList();
  ScopedAclEntries scopedEntries = new ScopedAclEntries(
    AclUtil.getAclFromPermAndEntries(perm, entries));
  printAclEntriesForSingleScope(aclStatus, perm,
      scopedEntries.getAccessEntries());
  printAclEntriesForSingleScope(aclStatus, perm,
      scopedEntries.getDefaultEntries());
  out.println();
}
 
Example #4
Source File: AclStorage.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Creates an AclFeature from the given ACL entries.
 *
 * @param accessEntries List<AclEntry> access ACL entries
 * @param defaultEntries List<AclEntry> default ACL entries
 * @return AclFeature containing the required ACL entries
 */
private static AclFeature createAclFeature(List<AclEntry> accessEntries,
    List<AclEntry> defaultEntries) {
  // Pre-allocate list size for the explicit entries stored in the feature,
  // which is all entries minus the 3 entries implicitly stored in the
  // permission bits.
  List<AclEntry> featureEntries = Lists.newArrayListWithCapacity(
    (accessEntries.size() - 3) + defaultEntries.size());

  // For the access ACL, the feature only needs to hold the named user and
  // group entries.  For a correctly sorted ACL, these will be in a
  // predictable range.
  if (!AclUtil.isMinimalAcl(accessEntries)) {
    featureEntries.addAll(
      accessEntries.subList(1, accessEntries.size() - 2));
  }

  // Add all default entries to the feature.
  featureEntries.addAll(defaultEntries);
  return new AclFeature(AclEntryStatusFormat.toInt(featureEntries));
}
 
Example #5
Source File: ViewFsBaseTest.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testInternalGetAclStatus() throws IOException {
  final UserGroupInformation currentUser =
      UserGroupInformation.getCurrentUser();
  AclStatus aclStatus = fcView.getAclStatus(new Path("/internalDir"));
  assertEquals(aclStatus.getOwner(), currentUser.getUserName());
  assertEquals(aclStatus.getGroup(), currentUser.getGroupNames()[0]);
  assertEquals(aclStatus.getEntries(),
      AclUtil.getMinimalAcl(PERMISSION_555));
  assertFalse(aclStatus.isStickyBit());
}
 
Example #6
Source File: ViewFsBaseTest.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testInternalGetAclStatus() throws IOException {
  final UserGroupInformation currentUser =
      UserGroupInformation.getCurrentUser();
  AclStatus aclStatus = fcView.getAclStatus(new Path("/internalDir"));
  assertEquals(aclStatus.getOwner(), currentUser.getUserName());
  assertEquals(aclStatus.getGroup(), currentUser.getGroupNames()[0]);
  assertEquals(aclStatus.getEntries(),
      AclUtil.getMinimalAcl(PERMISSION_555));
  assertFalse(aclStatus.isStickyBit());
}
 
Example #7
Source File: ViewFileSystemBaseTest.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testInternalGetAclStatus() throws IOException {
  final UserGroupInformation currentUser =
      UserGroupInformation.getCurrentUser();
  AclStatus aclStatus = fsView.getAclStatus(new Path("/internalDir"));
  assertEquals(aclStatus.getOwner(), currentUser.getUserName());
  assertEquals(aclStatus.getGroup(), currentUser.getGroupNames()[0]);
  assertEquals(aclStatus.getEntries(),
      AclUtil.getMinimalAcl(PERMISSION_555));
  assertFalse(aclStatus.isStickyBit());
}
 
Example #8
Source File: ViewFs.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public AclStatus getAclStatus(Path path) throws IOException {
  checkPathIsSlash(path);
  return new AclStatus.Builder().owner(ugi.getUserName())
      .group(ugi.getGroupNames()[0])
      .addEntries(AclUtil.getMinimalAcl(PERMISSION_555))
      .stickyBit(false).build();
}
 
Example #9
Source File: ViewFileSystem.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public AclStatus getAclStatus(Path path) throws IOException {
  checkPathIsSlash(path);
  return new AclStatus.Builder().owner(ugi.getUserName())
      .group(ugi.getGroupNames()[0])
      .addEntries(AclUtil.getMinimalAcl(PERMISSION_555))
      .stickyBit(false).build();
}
 
Example #10
Source File: ViewFileSystemBaseTest.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testInternalGetAclStatus() throws IOException {
  final UserGroupInformation currentUser =
      UserGroupInformation.getCurrentUser();
  AclStatus aclStatus = fsView.getAclStatus(new Path("/internalDir"));
  assertEquals(aclStatus.getOwner(), currentUser.getUserName());
  assertEquals(aclStatus.getGroup(), currentUser.getGroupNames()[0]);
  assertEquals(aclStatus.getEntries(),
      AclUtil.getMinimalAcl(PERMISSION_555));
  assertFalse(aclStatus.isStickyBit());
}
 
Example #11
Source File: ViewFs.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Override
public AclStatus getAclStatus(Path path) throws IOException {
  checkPathIsSlash(path);
  return new AclStatus.Builder().owner(ugi.getUserName())
      .group(ugi.getGroupNames()[0])
      .addEntries(AclUtil.getMinimalAcl(PERMISSION_555))
      .stickyBit(false).build();
}
 
Example #12
Source File: ViewFileSystem.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Override
public AclStatus getAclStatus(Path path) throws IOException {
  checkPathIsSlash(path);
  return new AclStatus.Builder().owner(ugi.getUserName())
      .group(ugi.getGroupNames()[0])
      .addEntries(AclUtil.getMinimalAcl(PERMISSION_555))
      .stickyBit(false).build();
}
 
Example #13
Source File: AclStorage.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * If a default ACL is defined on a parent directory, then copies that default
 * ACL to a newly created child file or directory.
 *
 * @param child INode newly created child
 */
public static void copyINodeDefaultAcl(INode child) {
  INodeDirectory parent = child.getParent();
  AclFeature parentAclFeature = parent.getAclFeature();
  if (parentAclFeature == null || !(child.isFile() || child.isDirectory())) {
    return;
  }

  // Split parent's entries into access vs. default.
  List<AclEntry> featureEntries = getEntriesFromAclFeature(parent
      .getAclFeature());
  ScopedAclEntries scopedEntries = new ScopedAclEntries(featureEntries);
  List<AclEntry> parentDefaultEntries = scopedEntries.getDefaultEntries();

  // The parent may have an access ACL but no default ACL.  If so, exit.
  if (parentDefaultEntries.isEmpty()) {
    return;
  }

  // Pre-allocate list size for access entries to copy from parent.
  List<AclEntry> accessEntries = Lists.newArrayListWithCapacity(
    parentDefaultEntries.size());

  FsPermission childPerm = child.getFsPermission();

  // Copy each default ACL entry from parent to new child's access ACL.
  boolean parentDefaultIsMinimal = AclUtil.isMinimalAcl(parentDefaultEntries);
  for (AclEntry entry: parentDefaultEntries) {
    AclEntryType type = entry.getType();
    String name = entry.getName();
    AclEntry.Builder builder = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(type)
      .setName(name);

    // The child's initial permission bits are treated as the mode parameter,
    // which can filter copied permission values for owner, mask and other.
    final FsAction permission;
    if (type == AclEntryType.USER && name == null) {
      permission = entry.getPermission().and(childPerm.getUserAction());
    } else if (type == AclEntryType.GROUP && parentDefaultIsMinimal) {
      // This only happens if the default ACL is a minimal ACL: exactly 3
      // entries corresponding to owner, group and other.  In this case,
      // filter the group permissions.
      permission = entry.getPermission().and(childPerm.getGroupAction());
    } else if (type == AclEntryType.MASK) {
      // Group bits from mode parameter filter permission of mask entry.
      permission = entry.getPermission().and(childPerm.getGroupAction());
    } else if (type == AclEntryType.OTHER) {
      permission = entry.getPermission().and(childPerm.getOtherAction());
    } else {
      permission = entry.getPermission();
    }

    builder.setPermission(permission);
    accessEntries.add(builder.build());
  }

  // A new directory also receives a copy of the parent's default ACL.
  List<AclEntry> defaultEntries = child.isDirectory() ? parentDefaultEntries :
    Collections.<AclEntry>emptyList();

  final FsPermission newPerm;
  if (!AclUtil.isMinimalAcl(accessEntries) || !defaultEntries.isEmpty()) {
    // Save the new ACL to the child.
    child.addAclFeature(createAclFeature(accessEntries, defaultEntries));
    newPerm = createFsPermissionForExtendedAcl(accessEntries, childPerm);
  } else {
    // The child is receiving a minimal ACL.
    newPerm = createFsPermissionForMinimalAcl(accessEntries, childPerm);
  }

  child.setPermission(newPerm);
}
 
Example #14
Source File: AclStorage.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Reads the existing ACL of an inode.  This method always returns the full
 * logical ACL of the inode after reading relevant data from the inode's
 * {@link FsPermission} and {@link AclFeature}.  Note that every inode
 * logically has an ACL, even if no ACL has been set explicitly.  If the inode
 * does not have an extended ACL, then the result is a minimal ACL consising of
 * exactly 3 entries that correspond to the owner, group and other permissions.
 * This method always reads the inode's current state and does not support
 * querying by snapshot ID.  This is because the method is intended to support
 * ACL modification APIs, which always apply a delta on top of current state.
 *
 * @param inode INode to read
 * @return List<AclEntry> containing all logical inode ACL entries
 */
public static List<AclEntry> readINodeLogicalAcl(INode inode) {
  FsPermission perm = inode.getFsPermission();
  AclFeature f = inode.getAclFeature();
  if (f == null) {
    return AclUtil.getMinimalAcl(perm);
  }

  final List<AclEntry> existingAcl;
  // Split ACL entries stored in the feature into access vs. default.
  List<AclEntry> featureEntries = getEntriesFromAclFeature(f);
  ScopedAclEntries scoped = new ScopedAclEntries(featureEntries);
  List<AclEntry> accessEntries = scoped.getAccessEntries();
  List<AclEntry> defaultEntries = scoped.getDefaultEntries();

  // Pre-allocate list size for the explicit entries stored in the feature
  // plus the 3 implicit entries (owner, group and other) from the permission
  // bits.
  existingAcl = Lists.newArrayListWithCapacity(featureEntries.size() + 3);

  if (!accessEntries.isEmpty()) {
    // Add owner entry implied from user permission bits.
    existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS)
        .setType(AclEntryType.USER).setPermission(perm.getUserAction())
        .build());

    // Next add all named user and group entries taken from the feature.
    existingAcl.addAll(accessEntries);

    // Add mask entry implied from group permission bits.
    existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS)
        .setType(AclEntryType.MASK).setPermission(perm.getGroupAction())
        .build());

    // Add other entry implied from other permission bits.
    existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS)
        .setType(AclEntryType.OTHER).setPermission(perm.getOtherAction())
        .build());
  } else {
    // It's possible that there is a default ACL but no access ACL. In this
    // case, add the minimal access ACL implied by the permission bits.
    existingAcl.addAll(AclUtil.getMinimalAcl(perm));
  }

  // Add all default entries after the access entries.
  existingAcl.addAll(defaultEntries);

  // The above adds entries in the correct order, so no need to sort here.
  return existingAcl;
}
 
Example #15
Source File: CommandWithDestination.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Preserve the attributes of the source to the target.
 * The method calls {@link #shouldPreserve(FileAttribute)} to check what
 * attribute to preserve.
 * @param src source to preserve
 * @param target where to preserve attributes
 * @param preserveRawXAttrs true if raw.* xattrs should be preserved
 * @throws IOException if fails to preserve attributes
 */
protected void preserveAttributes(PathData src, PathData target,
    boolean preserveRawXAttrs)
    throws IOException {
  if (shouldPreserve(FileAttribute.TIMESTAMPS)) {
    target.fs.setTimes(
        target.path,
        src.stat.getModificationTime(),
        src.stat.getAccessTime());
  }
  if (shouldPreserve(FileAttribute.OWNERSHIP)) {
    target.fs.setOwner(
        target.path,
        src.stat.getOwner(),
        src.stat.getGroup());
  }
  if (shouldPreserve(FileAttribute.PERMISSION) ||
      shouldPreserve(FileAttribute.ACL)) {
    target.fs.setPermission(
        target.path,
        src.stat.getPermission());
  }
  if (shouldPreserve(FileAttribute.ACL)) {
    FsPermission perm = src.stat.getPermission();
    if (perm.getAclBit()) {
      List<AclEntry> srcEntries =
          src.fs.getAclStatus(src.path).getEntries();
      List<AclEntry> srcFullEntries =
          AclUtil.getAclFromPermAndEntries(perm, srcEntries);
      target.fs.setAcl(target.path, srcFullEntries);
    }
  }
  final boolean preserveXAttrs = shouldPreserve(FileAttribute.XATTR);
  if (preserveXAttrs || preserveRawXAttrs) {
    Map<String, byte[]> srcXAttrs = src.fs.getXAttrs(src.path);
    if (srcXAttrs != null) {
      Iterator<Entry<String, byte[]>> iter = srcXAttrs.entrySet().iterator();
      while (iter.hasNext()) {
        Entry<String, byte[]> entry = iter.next();
        final String xattrName = entry.getKey();
        if (xattrName.startsWith(RAW) || preserveXAttrs) {
          target.fs.setXAttr(target.path, entry.getKey(), entry.getValue());
        }
      }
    }
  }
}
 
Example #16
Source File: CommandWithDestination.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Preserve the attributes of the source to the target.
 * The method calls {@link #shouldPreserve(FileAttribute)} to check what
 * attribute to preserve.
 * @param src source to preserve
 * @param target where to preserve attributes
 * @param preserveRawXAttrs true if raw.* xattrs should be preserved
 * @throws IOException if fails to preserve attributes
 */
protected void preserveAttributes(PathData src, PathData target,
    boolean preserveRawXAttrs)
    throws IOException {
  if (shouldPreserve(FileAttribute.TIMESTAMPS)) {
    target.fs.setTimes(
        target.path,
        src.stat.getModificationTime(),
        src.stat.getAccessTime());
  }
  if (shouldPreserve(FileAttribute.OWNERSHIP)) {
    target.fs.setOwner(
        target.path,
        src.stat.getOwner(),
        src.stat.getGroup());
  }
  if (shouldPreserve(FileAttribute.PERMISSION) ||
      shouldPreserve(FileAttribute.ACL)) {
    target.fs.setPermission(
        target.path,
        src.stat.getPermission());
  }
  if (shouldPreserve(FileAttribute.ACL)) {
    FsPermission perm = src.stat.getPermission();
    if (perm.getAclBit()) {
      List<AclEntry> srcEntries =
          src.fs.getAclStatus(src.path).getEntries();
      List<AclEntry> srcFullEntries =
          AclUtil.getAclFromPermAndEntries(perm, srcEntries);
      target.fs.setAcl(target.path, srcFullEntries);
    }
  }
  final boolean preserveXAttrs = shouldPreserve(FileAttribute.XATTR);
  if (preserveXAttrs || preserveRawXAttrs) {
    Map<String, byte[]> srcXAttrs = src.fs.getXAttrs(src.path);
    if (srcXAttrs != null) {
      Iterator<Entry<String, byte[]>> iter = srcXAttrs.entrySet().iterator();
      while (iter.hasNext()) {
        Entry<String, byte[]> entry = iter.next();
        final String xattrName = entry.getKey();
        if (xattrName.startsWith(RAW) || preserveXAttrs) {
          target.fs.setXAttr(target.path, entry.getKey(), entry.getValue());
        }
      }
    }
  }
}
 
Example #17
Source File: AclStorage.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Reads the existing ACL of an inode.  This method always returns the full
 * logical ACL of the inode after reading relevant data from the inode's
 * {@link FsPermission} and {@link AclFeature}.  Note that every inode
 * logically has an ACL, even if no ACL has been set explicitly.  If the inode
 * does not have an extended ACL, then the result is a minimal ACL consising of
 * exactly 3 entries that correspond to the owner, group and other permissions.
 * This method always reads the inode's current state and does not support
 * querying by snapshot ID.  This is because the method is intended to support
 * ACL modification APIs, which always apply a delta on top of current state.
 *
 * @param inode INode to read
 * @return List<AclEntry> containing all logical inode ACL entries
 */
public static List<AclEntry> readINodeLogicalAcl(INode inode) {
  FsPermission perm = inode.getFsPermission();
  AclFeature f = inode.getAclFeature();
  if (f == null) {
    return AclUtil.getMinimalAcl(perm);
  }

  final List<AclEntry> existingAcl;
  // Split ACL entries stored in the feature into access vs. default.
  List<AclEntry> featureEntries = getEntriesFromAclFeature(f);
  ScopedAclEntries scoped = new ScopedAclEntries(featureEntries);
  List<AclEntry> accessEntries = scoped.getAccessEntries();
  List<AclEntry> defaultEntries = scoped.getDefaultEntries();

  // Pre-allocate list size for the explicit entries stored in the feature
  // plus the 3 implicit entries (owner, group and other) from the permission
  // bits.
  existingAcl = Lists.newArrayListWithCapacity(featureEntries.size() + 3);

  if (!accessEntries.isEmpty()) {
    // Add owner entry implied from user permission bits.
    existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS)
        .setType(AclEntryType.USER).setPermission(perm.getUserAction())
        .build());

    // Next add all named user and group entries taken from the feature.
    existingAcl.addAll(accessEntries);

    // Add mask entry implied from group permission bits.
    existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS)
        .setType(AclEntryType.MASK).setPermission(perm.getGroupAction())
        .build());

    // Add other entry implied from other permission bits.
    existingAcl.add(new AclEntry.Builder().setScope(AclEntryScope.ACCESS)
        .setType(AclEntryType.OTHER).setPermission(perm.getOtherAction())
        .build());
  } else {
    // It's possible that there is a default ACL but no access ACL. In this
    // case, add the minimal access ACL implied by the permission bits.
    existingAcl.addAll(AclUtil.getMinimalAcl(perm));
  }

  // Add all default entries after the access entries.
  existingAcl.addAll(defaultEntries);

  // The above adds entries in the correct order, so no need to sort here.
  return existingAcl;
}
 
Example #18
Source File: AclStorage.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * If a default ACL is defined on a parent directory, then copies that default
 * ACL to a newly created child file or directory.
 *
 * @param child INode newly created child
 */
public static void copyINodeDefaultAcl(INode child) {
  INodeDirectory parent = child.getParent();
  AclFeature parentAclFeature = parent.getAclFeature();
  if (parentAclFeature == null || !(child.isFile() || child.isDirectory())) {
    return;
  }

  // Split parent's entries into access vs. default.
  List<AclEntry> featureEntries = getEntriesFromAclFeature(parent
      .getAclFeature());
  ScopedAclEntries scopedEntries = new ScopedAclEntries(featureEntries);
  List<AclEntry> parentDefaultEntries = scopedEntries.getDefaultEntries();

  // The parent may have an access ACL but no default ACL.  If so, exit.
  if (parentDefaultEntries.isEmpty()) {
    return;
  }

  // Pre-allocate list size for access entries to copy from parent.
  List<AclEntry> accessEntries = Lists.newArrayListWithCapacity(
    parentDefaultEntries.size());

  FsPermission childPerm = child.getFsPermission();

  // Copy each default ACL entry from parent to new child's access ACL.
  boolean parentDefaultIsMinimal = AclUtil.isMinimalAcl(parentDefaultEntries);
  for (AclEntry entry: parentDefaultEntries) {
    AclEntryType type = entry.getType();
    String name = entry.getName();
    AclEntry.Builder builder = new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(type)
      .setName(name);

    // The child's initial permission bits are treated as the mode parameter,
    // which can filter copied permission values for owner, mask and other.
    final FsAction permission;
    if (type == AclEntryType.USER && name == null) {
      permission = entry.getPermission().and(childPerm.getUserAction());
    } else if (type == AclEntryType.GROUP && parentDefaultIsMinimal) {
      // This only happens if the default ACL is a minimal ACL: exactly 3
      // entries corresponding to owner, group and other.  In this case,
      // filter the group permissions.
      permission = entry.getPermission().and(childPerm.getGroupAction());
    } else if (type == AclEntryType.MASK) {
      // Group bits from mode parameter filter permission of mask entry.
      permission = entry.getPermission().and(childPerm.getGroupAction());
    } else if (type == AclEntryType.OTHER) {
      permission = entry.getPermission().and(childPerm.getOtherAction());
    } else {
      permission = entry.getPermission();
    }

    builder.setPermission(permission);
    accessEntries.add(builder.build());
  }

  // A new directory also receives a copy of the parent's default ACL.
  List<AclEntry> defaultEntries = child.isDirectory() ? parentDefaultEntries :
    Collections.<AclEntry>emptyList();

  final FsPermission newPerm;
  if (!AclUtil.isMinimalAcl(accessEntries) || !defaultEntries.isEmpty()) {
    // Save the new ACL to the child.
    child.addAclFeature(createAclFeature(accessEntries, defaultEntries));
    newPerm = createFsPermissionForExtendedAcl(accessEntries, childPerm);
  } else {
    // The child is receiving a minimal ACL.
    newPerm = createFsPermissionForMinimalAcl(accessEntries, childPerm);
  }

  child.setPermission(newPerm);
}
 
Example #19
Source File: DistCpUtils.java    From big-c with Apache License 2.0 3 votes vote down vote up
/**
 * Returns a file's full logical ACL.
 *
 * @param fileSystem FileSystem containing the file
 * @param fileStatus FileStatus of file
 * @return List containing full logical ACL
 * @throws IOException if there is an I/O error
 */
public static List<AclEntry> getAcl(FileSystem fileSystem,
    FileStatus fileStatus) throws IOException {
  List<AclEntry> entries = fileSystem.getAclStatus(fileStatus.getPath())
    .getEntries();
  return AclUtil.getAclFromPermAndEntries(fileStatus.getPermission(), entries);
}
 
Example #20
Source File: DistCpUtils.java    From hadoop with Apache License 2.0 3 votes vote down vote up
/**
 * Returns a file's full logical ACL.
 *
 * @param fileSystem FileSystem containing the file
 * @param fileStatus FileStatus of file
 * @return List containing full logical ACL
 * @throws IOException if there is an I/O error
 */
public static List<AclEntry> getAcl(FileSystem fileSystem,
    FileStatus fileStatus) throws IOException {
  List<AclEntry> entries = fileSystem.getAclStatus(fileStatus.getPath())
    .getEntries();
  return AclUtil.getAclFromPermAndEntries(fileStatus.getPermission(), entries);
}
 
Example #21
Source File: CopyListingFileStatus.java    From circus-train with Apache License 2.0 2 votes vote down vote up
/**
 * Returns the full logical ACL.
 *
 * @return List<AclEntry> containing full logical ACL
 */
public List<AclEntry> getAclEntries() {
  return AclUtil
      .getAclFromPermAndEntries(getPermission(), aclEntries != null ? aclEntries : Collections.<AclEntry>emptyList());
}
 
Example #22
Source File: CopyListingFileStatus.java    From big-c with Apache License 2.0 2 votes vote down vote up
/**
 * Returns the full logical ACL.
 *
 * @return List containing full logical ACL
 */
public List<AclEntry> getAclEntries() {
  return AclUtil.getAclFromPermAndEntries(getPermission(),
    aclEntries != null ? aclEntries : Collections.<AclEntry>emptyList());
}
 
Example #23
Source File: CopyListingFileStatus.java    From hadoop with Apache License 2.0 2 votes vote down vote up
/**
 * Returns the full logical ACL.
 *
 * @return List containing full logical ACL
 */
public List<AclEntry> getAclEntries() {
  return AclUtil.getAclFromPermAndEntries(getPermission(),
    aclEntries != null ? aclEntries : Collections.<AclEntry>emptyList());
}