[ 
https://issues.apache.org/jira/browse/HDFS-10376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15514626#comment-15514626
 ] 

Yongjun Zhang commented on HDFS-10376:
--------------------------------------

Hi [~jzhuge],

Thanks for your thorough work here.

All looks good, except one suggestion:
{code}
  private void testNonSuperCannotChangeOwnerForNonExistentFile()
      throws Exception {
    Path file = new Path(ROOT_PATH,
        "testNonSuperCannotChangeOwnerForNonExistentFile");
    assertFalse(userfs.exists(file));
    try {
      userfs.setOwner(file, NOUSER, null);
      fail("Expect ACE or FNFE when a non-super user tries to change owner " +
          "for a non-existent file");
    } catch (AccessControlException e) {
      assertThat(e.getMessage(), startsWith(
          "Non-super user cannot change owner"));
    } catch (FileNotFoundException e) {
    }
  }
{code}
In this test, non-existing file can be of two types:
1. there is one parent component that restrict the access of this non-super 
user, in this case, we'd expect to see AccessControlException only.
2. all components in the path of this non-existing file allows access of this 
non-super user, depending on whether the implementation check file existence 
first, or check ownership first, we could either see AccessControlException or 
FileNotFoundException.

Your test here covers type 2, wonder if we can have a test for type 1?

Thanks.


> Enhance setOwner testing
> ------------------------
>
>                 Key: HDFS-10376
>                 URL: https://issues.apache.org/jira/browse/HDFS-10376
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.6.0
>            Reporter: Yongjun Zhang
>            Assignee: John Zhuge
>         Attachments: HDFS-10376.001.patch
>
>
> TestPermission create a user with the following name and group:
> {code}
>  final private static String USER_NAME = "user" + RAN.nextInt();
>  final private static String[] GROUP_NAMES = {"group1", "group2"};
>    UserGroupInformation userGroupInfo = 
>         UserGroupInformation.createUserForTesting(USER_NAME, GROUP_NAMES );
>       
>       FileSystem userfs = DFSTestUtil.getFileSystemAs(userGroupInfo, conf);
>       // make sure mkdir of a existing directory that is not owned by 
>       // this user does not throw an exception.
>       userfs.mkdirs(CHILD_DIR1);
>       
> {code}
> Supposedly 
> {code}
>  userfs.setOwner(CHILD_FILE3, "foo", "bar");
> {code}
> will be run as the specified user, but it seems to be run as me who run the 
> test.
> Running as the specified user would disallow setOwner, which requires 
> superuser privilege. This is not happening.
> Creating this jira for some investigation to understand whether it's indeed 
> an issue.
> Thanks.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to