TestPermission.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.security;

import static org.hamcrest.CoreMatchers.startsWith;
import static org.hamcrest.core.Is.is;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Random;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.DFSTestUtil;
import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.MiniDFSCluster;
import org.apache.hadoop.util.StringUtils;
import org.junit.Test;

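/**
 * Unit tests for HDFS permission handling.
 *
 * <p>Covers umask parsing ({@link #testBackwardCompatibility()}), the
 * permissions given to explicitly and implicitly created paths
 * ({@link #testCreate()}), and enforcement for a non-super user
 * ({@link #testFilePermission()}): denied mkdir/create/open, and the
 * owner/group change rules.
 *
 * <p>The private {@code test*} methods are not annotated with {@code @Test};
 * they run only when called from {@link #testFilePermission()}, which
 * initialises {@link #nnfs} and {@link #userfs} for them.
 */
public class TestPermission {
  public static final Logger LOG =
      LoggerFactory.getLogger(TestPermission.class);

  private static final Path ROOT_PATH = new Path("/data");
  private static final Path CHILD_DIR1 = new Path(ROOT_PATH, "child1");
  private static final Path CHILD_DIR2 = new Path(ROOT_PATH, "child2");
  private static final Path CHILD_DIR3 = new Path(ROOT_PATH, "child3");
  private static final Path CHILD_FILE1 = new Path(ROOT_PATH, "file1");
  private static final Path CHILD_FILE2 = new Path(ROOT_PATH, "file2");
  private static final Path CHILD_FILE3 = new Path(ROOT_PATH, "file3");

  private static final int FILE_LEN = 100;
  // Supplies test payload bytes and the user-name suffix only; nothing here
  // is security sensitive, so java.util.Random is sufficient.
  private static final Random RAN = new Random();
  private static final String USER_NAME = "user" + RAN.nextInt();
  private static final String[] GROUP_NAMES = {"group1", "group2"};
  // Owner and group that the test user is not and does not belong to.
  private static final String NOUSER = "nouser";
  private static final String NOGROUP = "nogroup";

  // File system handle obtained with FileSystem.get(conf); the tests use it
  // for the operations that are expected to be allowed (super-user side).
  private FileSystem nnfs;
  // File system handle acting as USER_NAME, a member of GROUP_NAMES.
  private FileSystem userfs;

  /**
   * Logs the status of {@code path} and, when {@code expected} is non-null,
   * asserts that the path carries exactly that permission.
   *
   * @param fs file system to query
   * @param path path to inspect
   * @param expected permission the path must have, or {@code null} to skip
   *     the assertion
   * @return the permission actually found on the path
   * @throws IOException if the status cannot be read
   */
  static FsPermission checkPermission(FileSystem fs,
      String path, FsPermission expected) throws IOException {
    FileStatus s = fs.getFileStatus(new Path(path));
    LOG.info(s.getPath() + ": " + s.isDirectory() + " " + s.getPermission()
        + ":" + s.getOwner() + ":" + s.getGroup());
    if (expected != null) {
      assertEquals(expected, s.getPermission());
      assertEquals(expected.toShort(), s.getPermission().toShort());
    }
    return s.getPermission();
  }

  /**
   * Creates an empty file named {@code filename} under {@link #ROOT_PATH}.
   *
   * @param fs file system (and therefore identity) used for the create
   * @param filename name of the file, relative to {@link #ROOT_PATH}
   * @return the path of the created file
   * @throws IOException if the file cannot be created or closed
   */
  static Path createFile(FileSystem fs, String filename) throws IOException {
    Path path = new Path(ROOT_PATH, filename);
    // Close immediately: the callers only need the file to exist, and the
    // stream was previously left open for the rest of the test.
    fs.create(path).close();
    return path;
  }

  /**
   * Tests backward compatibility. Configuration can be
   * either set with old param dfs.umask that takes decimal umasks
   * or dfs.umaskmode that takes symbolic or octal umask.
   */
  @Test
  public void testBackwardCompatibility() {
    // Test 1 - a decimal umask value (18 decimal == 022 octal) set through
    // the FsPermission.setUMask() API must read back unchanged.
    FsPermission perm = new FsPermission((short)18);
    Configuration conf = new Configuration();
    FsPermission.setUMask(conf, perm);
    assertEquals(18, FsPermission.getUMask(conf).toShort());

    // Test 2 - new configuration key is handled
    conf = new Configuration();
    conf.set(FsPermission.UMASK_LABEL, "022");
    assertEquals(18, FsPermission.getUMask(conf).toShort());

    // Test 3 - equivalent valid umask
    conf = new Configuration();
    conf.set(FsPermission.UMASK_LABEL, "0022");
    assertEquals(18, FsPermission.getUMask(conf).toShort());

    // Test 4 - invalid umask: must be rejected, not silently interpreted
    conf = new Configuration();
    conf.set(FsPermission.UMASK_LABEL, "1222");
    try {
      FsPermission.getUMask(conf);
      fail("expect IllegalArgumentException happen");
    } catch (IllegalArgumentException expected) {
      // pass: the invalid value was rejected
    }

    // Test 5 - invalid umask: must be rejected, not silently interpreted
    conf = new Configuration();
    conf.set(FsPermission.UMASK_LABEL, "01222");
    try {
      FsPermission.getUMask(conf);
      fail("expect IllegalArgumentException happen");
    } catch (IllegalArgumentException expected) {
      // pass: the invalid value was rejected
    }
  }

  /**
   * Verifies the permissions on paths created by mkdirs/create, including the
   * parent directories that are created implicitly.
   */
  @Test
  public void testCreate() throws Exception {
    Configuration conf = new HdfsConfiguration();
    conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true);
    // Umask 000 so the requested modes below are not masked.
    conf.set(FsPermission.UMASK_LABEL, "000");
    MiniDFSCluster cluster = null;
    FileSystem fs = null;

    try {
      cluster = new MiniDFSCluster.Builder(conf).numDataNodes(3).build();
      cluster.waitActive();
      fs = FileSystem.get(conf);
      FsPermission rootPerm = checkPermission(fs, "/", null);
      // Expected mode of parents created implicitly by create(): the root
      // directory's mode with owner write+execute (0300) added.
      FsPermission inheritPerm = FsPermission.createImmutable(
          (short)(rootPerm.toShort() | 0300));

      FsPermission dirPerm = new FsPermission((short)0777);
      fs.mkdirs(new Path("/a1/a2/a3"), dirPerm);
      checkPermission(fs, "/a1", dirPerm);
      checkPermission(fs, "/a1/a2", dirPerm);
      checkPermission(fs, "/a1/a2/a3", dirPerm);

      // With a restrictive mode, intermediate directories are expected to
      // get the requested mode plus 0300; only the leaf gets it unchanged.
      dirPerm = new FsPermission((short)0123);
      FsPermission permission = FsPermission.createImmutable(
          (short)(dirPerm.toShort() | 0300));
      fs.mkdirs(new Path("/aa/1/aa/2/aa/3"), dirPerm);
      checkPermission(fs, "/aa/1", permission);
      checkPermission(fs, "/aa/1/aa/2", permission);
      checkPermission(fs, "/aa/1/aa/2/aa/3", dirPerm);

      FsPermission filePerm = new FsPermission((short)0444);
      Path p = new Path("/b1/b2/b3.txt");
      // try-with-resources so the stream is closed even if write() throws.
      try (FSDataOutputStream out = fs.create(p, filePerm, true,
          conf.getInt(CommonConfigurationKeys.IO_FILE_BUFFER_SIZE_KEY, 4096),
          fs.getDefaultReplication(p), fs.getDefaultBlockSize(p), null)) {
        out.write(123);
      }
      checkPermission(fs, "/b1", inheritPerm);
      checkPermission(fs, "/b1/b2", inheritPerm);
      checkPermission(fs, "/b1/b2/b3.txt", filePerm);

      // The static FileSystem.mkdirs/create helpers are expected to leave
      // exactly the requested mode (0666) on the path even though a 022
      // umask has been put into the configuration.
      conf.set(FsPermission.UMASK_LABEL, "022");
      permission =
        FsPermission.createImmutable((short)0666);
      FileSystem.mkdirs(fs, new Path("/c1"), new FsPermission(permission));
      FileSystem.create(fs, new Path("/c1/c2.txt"),
          new FsPermission(permission));
      checkPermission(fs, "/c1", permission);
      checkPermission(fs, "/c1/c2.txt", permission);
    } finally {
      try {
        if (fs != null) {
          fs.close();
        }
      } catch (Exception e) {
        LOG.error(StringUtils.stringifyException(e));
      }
      try {
        if (cluster != null) {
          cluster.shutdown();
        }
      } catch (Exception e) {
        LOG.error(StringUtils.stringifyException(e));
      }
    }
  }

  /**
   * Exercises permission enforcement end to end: default modes after the
   * umask is applied, setPermission, operations a non-super user must be
   * denied, and the owner/group change rules (via the private helpers).
   */
  @Test
  public void testFilePermission() throws Exception {
    final Configuration conf = new HdfsConfiguration();
    conf.setBoolean(DFSConfigKeys.DFS_PERMISSIONS_ENABLED_KEY, true);
    MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(3).build();

    try {
      // Inside the try so the cluster is shut down if start-up fails.
      cluster.waitActive();
      nnfs = FileSystem.get(conf);
      // test permissions on files that do not exist
      assertFalse(nnfs.exists(CHILD_FILE1));
      try {
        nnfs.setPermission(CHILD_FILE1, new FsPermission((short)0777));
        fail("setPermission should fail for a non-existent file");
      } catch (FileNotFoundException e) {
        LOG.info("GOOD: got " + e);
      }

      // make sure nn can take user specified permission (with default fs
      // permission umask applied)
      FileStatus status;
      // The stream is closed before the file is deleted; it was previously
      // left open and then overwritten by the next create() below.
      try (FSDataOutputStream out = nnfs.create(CHILD_FILE1, new FsPermission(
          (short) 0777), true, 1024, (short) 1, 1024, null)) {
        status = nnfs.getFileStatus(CHILD_FILE1);
        // FS_PERMISSIONS_UMASK_DEFAULT is 0022
        assertEquals("rwxr-xr-x", status.getPermission().toString());
      }
      nnfs.delete(CHILD_FILE1, false);

      // following dir/file creations are legal
      nnfs.mkdirs(CHILD_DIR1);
      status = nnfs.getFileStatus(CHILD_DIR1);
      assertThat("Expect 755 = 777 (default dir) - 022 (default umask)",
          status.getPermission().toString(), is("rwxr-xr-x"));
      byte[] data = new byte[FILE_LEN];
      RAN.nextBytes(data);
      try (FSDataOutputStream out = nnfs.create(CHILD_FILE1)) {
        status = nnfs.getFileStatus(CHILD_FILE1);
        assertEquals("rw-r--r--", status.getPermission().toString());
        out.write(data);
      }
      nnfs.setPermission(CHILD_FILE1, new FsPermission("700"));
      status = nnfs.getFileStatus(CHILD_FILE1);
      assertEquals("rwx------", status.getPermission().toString());

      // mkdirs with null permission
      nnfs.mkdirs(CHILD_DIR3, null);
      status = nnfs.getFileStatus(CHILD_DIR3);
      assertThat("Expect 755 = 777 (default dir) - 022 (default umask)",
          status.getPermission().toString(), is("rwxr-xr-x"));

      // following read is legal
      byte[] dataIn = new byte[FILE_LEN];
      try (FSDataInputStream fin = nnfs.open(CHILD_FILE1)) {
        // readFully: a single read() may legally return fewer bytes than
        // requested, which would fail the test for the wrong reason.
        fin.readFully(dataIn);
      }
      for (int i = 0; i < FILE_LEN; i++) {
        assertEquals(data[i], dataIn[i]);
      }

      // test execution bit support for files
      nnfs.setPermission(CHILD_FILE1, new FsPermission("755"));
      status = nnfs.getFileStatus(CHILD_FILE1);
      assertEquals("rwxr-xr-x", status.getPermission().toString());
      nnfs.setPermission(CHILD_FILE1, new FsPermission("744"));
      status = nnfs.getFileStatus(CHILD_FILE1);
      assertEquals("rwxr--r--", status.getPermission().toString());
      // Back to owner-only so the open by the other user below is denied.
      nnfs.setPermission(CHILD_FILE1, new FsPermission("700"));

      ////////////////////////////////////////////////////////////////
      // test illegal file/dir creation
      UserGroupInformation userGroupInfo =
          UserGroupInformation.createUserForTesting(USER_NAME, GROUP_NAMES);

      userfs = DFSTestUtil.getFileSystemAs(userGroupInfo, conf);

      // make sure mkdir of a existing directory that is not owned by
      // this user does not throw an exception.
      userfs.mkdirs(CHILD_DIR1);

      // illegal mkdir
      assertFalse(canMkdirs(userfs, CHILD_DIR2));

      // illegal file creation
      assertFalse(canCreate(userfs, CHILD_FILE2));

      // illegal file open
      assertFalse(canOpen(userfs, CHILD_FILE1));

      // Open up "/" and CHILD_DIR1 so the non-super user is allowed to
      // create /foo/bar and rename it into CHILD_DIR1.
      nnfs.setPermission(ROOT_PATH, new FsPermission((short)0755));
      nnfs.setPermission(CHILD_DIR1, new FsPermission("777"));
      nnfs.setPermission(new Path("/"), new FsPermission((short)0777));
      final Path renamePath = new Path("/foo/bar");
      userfs.mkdirs(renamePath);
      assertTrue(canRename(userfs, renamePath, CHILD_DIR1));
      // test permissions on files that do not exist
      assertFalse(userfs.exists(CHILD_FILE3));
      try {
        userfs.setPermission(CHILD_FILE3, new FsPermission((short) 0777));
        fail("setPermission should fail for non-exist file");
      } catch (FileNotFoundException expected) {
        // pass: a missing file is reported as not found
      }

      // Make sure any user can create file in root.
      nnfs.setPermission(ROOT_PATH, new FsPermission("777"));

      testSuperCanChangeOwnerGroup();
      testNonSuperCanChangeToOwnGroup();
      testNonSuperCannotChangeToOtherGroup();
      testNonSuperCannotChangeGroupForOtherFile();
      testNonSuperCannotChangeGroupForNonExistentFile();
      testNonSuperCannotChangeOwner();
      testNonSuperCannotChangeOwnerForOtherFile();
      testNonSuperCannotChangeOwnerForNonExistentFile();
    } finally {
      cluster.shutdown();
    }
  }

  /** Owner and group of a user's file can be changed through {@link #nnfs}. */
  private void testSuperCanChangeOwnerGroup() throws Exception {
    Path file = createFile(userfs, "testSuperCanChangeOwnerGroup");
    nnfs.setOwner(file, NOUSER, NOGROUP);
    FileStatus status = nnfs.getFileStatus(file);
    assertThat("A super user can change owner", status.getOwner(),
        is(NOUSER));
    assertThat("A super user can change group", status.getGroup(),
        is(NOGROUP));
  }

  /** A non-super user may move an own file to a group the user belongs to. */
  private void testNonSuperCanChangeToOwnGroup() throws Exception {
    Path file = createFile(userfs, "testNonSuperCanChangeToOwnGroup");
    userfs.setOwner(file, null, GROUP_NAMES[1]);
    assertThat("A non-super user can change a file to own group",
        nnfs.getFileStatus(file).getGroup(), is(GROUP_NAMES[1]));
  }

  /** A non-super user must not move an own file to a foreign group. */
  private void testNonSuperCannotChangeToOtherGroup() throws Exception {
    Path file = createFile(userfs, "testNonSuperCannotChangeToOtherGroup");
    try {
      userfs.setOwner(file, null, NOGROUP);
      fail("Expect ACE when a non-super user tries to change a file to a " +
          "group where the user does not belong.");
    } catch (AccessControlException e) {
      assertThat(e.getMessage(), startsWith("User " +
          userfs.getFileStatus(file).getOwner() + " does not belong to"));
    }
  }

  /**
   * A non-super user must not change the group of a file owned by someone
   * else, even when the file's mode is 777.
   */
  private void testNonSuperCannotChangeGroupForOtherFile() throws Exception {
    Path file = createFile(nnfs, "testNonSuperCannotChangeGroupForOtherFile");
    nnfs.setPermission(file, new FsPermission("777"));
    try {
      userfs.setOwner(file, null, GROUP_NAMES[1]);
      fail("Expect ACE when a non-super user tries to set group for a file " +
          "not owned");
    } catch (AccessControlException e) {
      assertThat(e.getMessage(), startsWith("Permission denied"));
    }
  }

  /** Changing the group of a missing file must report file-not-found. */
  private void testNonSuperCannotChangeGroupForNonExistentFile()
      throws Exception {
    Path file = new Path(ROOT_PATH,
        "testNonSuperCannotChangeGroupForNonExistentFile");
    try {
      userfs.setOwner(file, null, GROUP_NAMES[1]);
      fail("Expect FNFE when a non-super user tries to change group for a " +
          "non-existent file");
    } catch (FileNotFoundException expected) {
      // pass: a missing file is reported as not found
    }
  }

  /** A non-super user must not give an own file away to another owner. */
  private void testNonSuperCannotChangeOwner() throws Exception {
    Path file = createFile(userfs, "testNonSuperCannotChangeOwner");
    try {
      userfs.setOwner(file, NOUSER, null);
      fail("Expect ACE when a non-super user tries to change owner");
    } catch (AccessControlException e) {
      assertThat(e.getMessage(), startsWith("User " +
          userfs.getFileStatus(file).getOwner() +
          " is not a super user (non-super user cannot change owner)"));
    }
  }

  /**
   * A non-super user must not take ownership of a file owned by someone
   * else, even when the file's mode is 777.
   */
  private void testNonSuperCannotChangeOwnerForOtherFile() throws Exception {
    Path file = createFile(nnfs, "testNonSuperCannotChangeOwnerForOtherFile");
    nnfs.setPermission(file, new FsPermission("777"));
    try {
      userfs.setOwner(file, USER_NAME, null);
      fail("Expect ACE when a non-super user tries to own a file");
    } catch (AccessControlException e) {
      assertThat(e.getMessage(), startsWith("Permission denied"));
    }
  }

  /**
   * Changing the owner of a missing file as a non-super user must fail with
   * either an access-control or a file-not-found error.
   */
  private void testNonSuperCannotChangeOwnerForNonExistentFile()
      throws Exception {
    Path file = new Path(ROOT_PATH,
        "testNonSuperCannotChangeOwnerForNonExistentFile");
    assertFalse(userfs.exists(file));
    try {
      userfs.setOwner(file, NOUSER, null);
      fail("Expect ACE or FNFE when a non-super user tries to change owner " +
          "for a non-existent file");
    } catch (AccessControlException e) {
      // The file does not exist, so its owner cannot be looked up here:
      // getFileStatus() would throw FileNotFoundException out of this catch
      // block and fail the test. userfs acts as USER_NAME, so that is the
      // user the message is expected to name.
      assertThat(e.getMessage(), startsWith("User " + USER_NAME +
          " is not a super user (non-super user cannot change owner)"));
    } catch (FileNotFoundException expected) {
      // pass: reporting the missing file is also acceptable
    }
  }

  /**
   * Attempts {@code fs.mkdirs(p)}.
   *
   * <p>NOTE(review): the boolean returned by {@code mkdirs} is discarded, so
   * {@code true} means "no AccessControlException was thrown".
   *
   * @return {@code false} if the call was denied with an
   *     AccessControlException, {@code true} otherwise
   * @throws IOException on any other failure
   */
  static boolean canMkdirs(FileSystem fs, Path p) throws IOException {
    try {
      fs.mkdirs(p);
      return true;
    } catch (AccessControlException e) {
      // We check that AccessControlExceptions contain absolute paths.
      Path parent = p.getParent();
      assertTrue(parent.isUriPathAbsolute());
      assertTrue(e.getMessage().contains(parent.toString()));
      return false;
    }
  }

  /**
   * Attempts {@code fs.create(p)}; the stream is closed if the create
   * succeeds.
   *
   * @return {@code false} if the call was denied with an
   *     AccessControlException (whose message must name the absolute parent
   *     path), {@code true} otherwise
   * @throws IOException on any other failure
   */
  static boolean canCreate(FileSystem fs, Path p) throws IOException {
    try {
      // Close on success so a permitted create does not leave a stream open.
      fs.create(p).close();
      return true;
    } catch (AccessControlException e) {
      Path parent = p.getParent();
      assertTrue(parent.isUriPathAbsolute());
      assertTrue(e.getMessage().contains(parent.toString()));
      return false;
    }
  }

  /**
   * Attempts {@code fs.open(p)}; the stream is closed if the open succeeds.
   *
   * @return {@code false} if the call was denied with an
   *     AccessControlException (whose message must name the absolute path),
   *     {@code true} otherwise
   * @throws IOException on any other failure
   */
  static boolean canOpen(FileSystem fs, Path p) throws IOException {
    try {
      // Close on success so a permitted open does not leave a stream open.
      fs.open(p).close();
      return true;
    } catch (AccessControlException e) {
      assertTrue(p.isUriPathAbsolute());
      assertTrue(e.getMessage().contains(p.toString()));
      return false;
    }
  }

  /**
   * Attempts {@code fs.rename(src, dst)}.
   *
   * <p>NOTE(review): the boolean returned by {@code rename} is discarded, so
   * {@code true} means "no AccessControlException was thrown", not
   * necessarily that the rename took effect.
   *
   * @return {@code false} if the call was denied with an
   *     AccessControlException (whose message must name the absolute parent
   *     of {@code dst}), {@code true} otherwise
   * @throws IOException on any other failure
   */
  static boolean canRename(FileSystem fs, Path src, Path dst
      ) throws IOException {
    try {
      fs.rename(src, dst);
      return true;
    } catch (AccessControlException e) {
      Path parent = dst.getParent();
      assertTrue(parent.isUriPathAbsolute());
      assertTrue(e.getMessage().contains(parent.toString()));
      return false;
    }
  }
}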