[
https://issues.apache.org/jira/browse/HADOOP-19109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17829419#comment-17829419
]
ASF GitHub Bot commented on HADOOP-19109:
-----------------------------------------
XbaoWu opened a new pull request, #6651:
URL: https://github.com/apache/hadoop/pull/6651
<!--
Thanks for sending a pull request!
1. If this is your first time, please read our contributor guidelines:
https://cwiki.apache.org/confluence/display/HADOOP/How+To+Contribute
2. Make sure your PR title starts with JIRA issue id, e.g.,
'HADOOP-17799. Your PR title ...'.
-->
### Description of PR
For more information about this PR, please refer to the following issue:
[HADOOP-19109](https://issues.apache.org/jira/browse/HADOOP-19109)
checkPermission should not ignore original AccessControlException
I think we should keep the original AccessControlException information, so
that we can understand the real situation of the problem.
### How was this patch tested?
Because this patch has no changes at the logical level of the code, there is
no corresponding unit test.
Although there is no specific unit test for this patch, I can see the
corresponding information in the log of active namenode when I trigger the
exception again.
### For code changes:
- [ ] Does the title or this PR starts with the corresponding JIRA issue id
(e.g. 'HADOOP-17799. Your PR title ...')?
- [ ] Object storage: have the integration tests been executed and the
endpoint declared according to the connector-specific documentation?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`,
`NOTICE-binary` files?
> checkPermission should not ignore original AccessControlException
> ------------------------------------------------------------------
>
> Key: HADOOP-19109
> URL: https://issues.apache.org/jira/browse/HADOOP-19109
> Project: Hadoop Common
> Issue Type: Improvement
> Components: hdfs-client
> Affects Versions: 3.3.0
> Reporter: Xiaobao Wu
> Priority: Minor
>
> In the environment where the *Ranger-HDFS* plugin is enabled, I look at the
> log information of *AccessControlException* caused by the *du.* I find that
> the printed log information is not accurate, because the original
> AccessControlException is ignored by checkPermission, which is not conducive
> to judging the real situation of the AccessControlException . At least part
> of the original log information should be printed.
> AccessControlException information currently printed:
> {code:java}
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException):
> Permission denied: user=test,access=READ_EXECUTE,
> inode="/warehouse/tablespace/managed/hive/test.db/stu/dt=2024-01-17":hive:hadoop:drwxrwx---
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:226){code}
> The original AccessControlException information printed:
> {code:java}
> org.apache.hadoop.security.AccessControlException: Permission denied:
> user=test,access=READ_EXECUTE, inode="dt=2024-01-17":hive:hadoop:drwxrwx---
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:400)
> {code}
> From the comparison results of the above log information, it can be seen that
> the inode information and the exception stack printed by the log are not
> accurate.
> Later, the *inode* information prompted by the original
> AccessControlException log information makes me realize that the Ranger-HDFS
> plug-in in the current environment is not incorporated into RANGER-2297, so I
> think it is necessary to prompt this part of the log information.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
