Author: cnauroth
Date: Fri Jan 31 18:59:16 2014
New Revision: 1563219
URL: http://svn.apache.org/r1563219
Log:
HADOOP-10270. getfacl does not display effective permissions of masked.
Contributed by Chris Nauroth.
Modified:
hadoop/common/branches/HDFS-4685/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/AclCommands.java
Modified:
hadoop/common/branches/HDFS-4685/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/AclCommands.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-4685/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/AclCommands.java?rev=1563219&r1=1563218&r2=1563219&view=diff
==============================================================================
---
hadoop/common/branches/HDFS-4685/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/AclCommands.java
(original)
+++
hadoop/common/branches/HDFS-4685/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/AclCommands.java
Fri Jan 31 18:59:16 2014
@@ -116,6 +116,7 @@ class AclCommands extends FsCommand {
.build());
// Print all extended access ACL entries.
+ boolean hasAccessAcl = false;
Iterator<AclEntry> entryIter = entries.iterator();
AclEntry curEntry = null;
while (entryIter.hasNext()) {
@@ -123,13 +124,15 @@ class AclCommands extends FsCommand {
if (curEntry.getScope() == AclEntryScope.DEFAULT) {
break;
}
- out.println(curEntry);
+ hasAccessAcl = true;
+ printExtendedAclEntry(curEntry, perm.getGroupAction());
}
- // Print mask entry implied by group permission bits.
+ // Print mask entry implied by group permission bits, or print group
entry
+ // if there is no access ACL (only default ACL).
out.println(new AclEntry.Builder()
.setScope(AclEntryScope.ACCESS)
- .setType(AclEntryType.MASK)
+ .setType(hasAccessAcl ? AclEntryType.MASK : AclEntryType.GROUP)
.setPermission(perm.getGroupAction())
.build());
@@ -143,9 +146,35 @@ class AclCommands extends FsCommand {
// Print default ACL entries.
if (curEntry != null && curEntry.getScope() == AclEntryScope.DEFAULT) {
out.println(curEntry);
+ // ACL sort order guarantees default mask is the second-to-last entry.
+ FsAction maskPerm = entries.get(entries.size() - 2).getPermission();
+ while (entryIter.hasNext()) {
+ printExtendedAclEntry(entryIter.next(), maskPerm);
+ }
}
- while (entryIter.hasNext()) {
- out.println(entryIter.next());
+ }
+
+ /**
+ * Prints a single extended ACL entry. If the mask restricts the
+ * permissions of the entry, then also prints the restricted version as the
+ * effective permissions. The mask applies to all named entries and also
+ * the unnamed group entry.
+ *
+ * @param entry AclEntry extended ACL entry to print
+ * @param maskPerm FsAction permissions in the ACL's mask entry
+ */
+ private void printExtendedAclEntry(AclEntry entry, FsAction maskPerm) {
+ if (entry.getName() != null || entry.getType() == AclEntryType.GROUP) {
+ FsAction entryPerm = entry.getPermission();
+ FsAction effectivePerm = entryPerm.and(maskPerm);
+ if (entryPerm != effectivePerm) {
+ out.println(String.format("%-31s #effective:%s", entry,
+ effectivePerm.SYMBOL));
+ } else {
+ out.println(entry);
+ }
+ } else {
+ out.println(entry);
}
}
