z-bb commented on code in PR #4674:
URL: https://github.com/apache/ozone/pull/4674#discussion_r1189635410
##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java:
##########
@@ -409,7 +409,9 @@ private void setDefaultAcls() throws IOException {
.build();
objectStore.setAcl(volumeObj, OzoneAcl.parseAcls(
"user:" + USER1 + ":r," +
- "user:" + USER2 + ":r"));
+ "user:" + USER1 + ":l," +
Review Comment:
@ashishkumar50 Hi, Because list the volume or bucket also requires the "l"
permission
For example
```
[[email protected] ~]$ ~/om-current/bin/ozone sh vol create
vol-test
[[email protected] ~]$ ~/om-current/bin/ozone sh bucket
create vol-test/blk-test
[[email protected] ~]$ export HADOOP_USER_NAME=test
[[email protected] ~]$
~/hadoop-2.7.2-5504-ozone-client/bin/hadoop fs -ls /
[[email protected] ~]$
~/hadoop-2.7.2-5504-ozone-client/bin/hadoop fs -ls /vol-test
-ls: Fatal internal error
java.lang.RuntimeException: PERMISSION_DENIED
org.apache.hadoop.ozone.om.exceptions.OMException: User test doesn't have LIST
permission to access volume Volume:vol-test
at
org.apache.hadoop.ozone.client.OzoneVolume$BucketIterator.getNextListOfBuckets(OzoneVolume.java:527)
at
org.apache.hadoop.ozone.client.OzoneVolume$BucketIterator.<init>(OzoneVolume.java:497)
at
org.apache.hadoop.ozone.client.OzoneVolume.listBuckets(OzoneVolume.java:368)
at
org.apache.hadoop.fs.ozone.BasicRootedOzoneClientAdapterImpl.listStatusVolume(BasicRootedOzoneClientAdapterImpl.java:801)
at
org.apache.hadoop.fs.ozone.BasicRootedOzoneClientAdapterImpl.listStatus(BasicRootedOzoneClientAdapterImpl.java:885)
at
org.apache.hadoop.fs.ozone.BasicRootedOzoneFileSystem.listStatusAdapter(BasicRootedOzoneFileSystem.java:869)
at
org.apache.hadoop.fs.ozone.BasicRootedOzoneFileSystem.listStatus(BasicRootedOzoneFileSystem.java:844)
at
org.apache.hadoop.fs.shell.PathData.getDirectoryContents(PathData.java:268)
at org.apache.hadoop.fs.shell.Command.recursePath(Command.java:373)
at org.apache.hadoop.fs.shell.Ls.processPathArgument(Ls.java:90)
at org.apache.hadoop.fs.shell.Command.processArgument(Command.java:271)
at org.apache.hadoop.fs.shell.Command.processArguments(Command.java:255)
at
org.apache.hadoop.fs.shell.Command.processRawArguments(Command.java:201)
at org.apache.hadoop.fs.shell.Command.run(Command.java:165)
at org.apache.hadoop.fs.FsShell.run(FsShell.java:287)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:84)
at org.apache.hadoop.fs.FsShell.main(FsShell.java:340)
Caused by: PERMISSION_DENIED
org.apache.hadoop.ozone.om.exceptions.OMException: User test doesn't have LIST
permission to access volume Volume:vol-test
at
org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.handleError(OzoneManagerProtocolClientSideTranslatorPB.java:710)
at
org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.listBuckets(OzoneManagerProtocolClientSideTranslatorPB.java:632)
at
org.apache.hadoop.ozone.client.rpc.RpcClient.listBuckets(RpcClient.java:1188)
at
org.apache.hadoop.ozone.client.OzoneVolume$BucketIterator.getNextListOfBuckets(OzoneVolume.java:525)
... 17 more
```
If you add "l" permission to volume, then
```
[[email protected] ~]$ export HADOOP_USER_NAME=hadoop
[[email protected] ~]$ ~/om-current/bin/ozone sh vol addacl
-a user:test:l /vol-test
ACL user:test:l[ACCESS] added successfully.
[[email protected] ~]$ export HADOOP_USER_NAME=test
[[email protected] ~]$
~/hadoop-2.7.2-5504-ozone-client/bin/hadoop fs -ls /vol-test
Found 1 items
drwxrwxrwx - hadoop hadoop 0 2023-05-10 17:17 /vol-test/blk-test
```
##########
hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOzoneManagerSnapshotAcl.java:
##########
@@ -409,7 +409,9 @@ private void setDefaultAcls() throws IOException {
.build();
objectStore.setAcl(volumeObj, OzoneAcl.parseAcls(
"user:" + USER1 + ":r," +
- "user:" + USER2 + ":r"));
+ "user:" + USER1 + ":l," +
Review Comment:
@ashishkumar50 Hi, Because list the volume or bucket also requires the "l"
permission
For example
```
[[email protected] ~]$ ~/om-current/bin/ozone sh vol create
vol-test
[[email protected] ~]$ ~/om-current/bin/ozone sh bucket
create vol-test/blk-test
[[email protected] ~]$ export HADOOP_USER_NAME=test
[[email protected] ~]$
~/hadoop-2.7.2-5504-ozone-client/bin/hadoop fs -ls /
[[email protected] ~]$
~/hadoop-2.7.2-5504-ozone-client/bin/hadoop fs -ls /vol-test
-ls: Fatal internal error
java.lang.RuntimeException: PERMISSION_DENIED
org.apache.hadoop.ozone.om.exceptions.OMException: User test doesn't have LIST
permission to access volume Volume:vol-test
at
org.apache.hadoop.ozone.client.OzoneVolume$BucketIterator.getNextListOfBuckets(OzoneVolume.java:527)
at
org.apache.hadoop.ozone.client.OzoneVolume$BucketIterator.<init>(OzoneVolume.java:497)
at
org.apache.hadoop.ozone.client.OzoneVolume.listBuckets(OzoneVolume.java:368)
at
org.apache.hadoop.fs.ozone.BasicRootedOzoneClientAdapterImpl.listStatusVolume(BasicRootedOzoneClientAdapterImpl.java:801)
at
org.apache.hadoop.fs.ozone.BasicRootedOzoneClientAdapterImpl.listStatus(BasicRootedOzoneClientAdapterImpl.java:885)
at
org.apache.hadoop.fs.ozone.BasicRootedOzoneFileSystem.listStatusAdapter(BasicRootedOzoneFileSystem.java:869)
at
org.apache.hadoop.fs.ozone.BasicRootedOzoneFileSystem.listStatus(BasicRootedOzoneFileSystem.java:844)
at
org.apache.hadoop.fs.shell.PathData.getDirectoryContents(PathData.java:268)
at org.apache.hadoop.fs.shell.Command.recursePath(Command.java:373)
at org.apache.hadoop.fs.shell.Ls.processPathArgument(Ls.java:90)
at org.apache.hadoop.fs.shell.Command.processArgument(Command.java:271)
at org.apache.hadoop.fs.shell.Command.processArguments(Command.java:255)
at
org.apache.hadoop.fs.shell.Command.processRawArguments(Command.java:201)
at org.apache.hadoop.fs.shell.Command.run(Command.java:165)
at org.apache.hadoop.fs.FsShell.run(FsShell.java:287)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:84)
at org.apache.hadoop.fs.FsShell.main(FsShell.java:340)
Caused by: PERMISSION_DENIED
org.apache.hadoop.ozone.om.exceptions.OMException: User test doesn't have LIST
permission to access volume Volume:vol-test
at
org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.handleError(OzoneManagerProtocolClientSideTranslatorPB.java:710)
at
org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolClientSideTranslatorPB.listBuckets(OzoneManagerProtocolClientSideTranslatorPB.java:632)
at
org.apache.hadoop.ozone.client.rpc.RpcClient.listBuckets(RpcClient.java:1188)
at
org.apache.hadoop.ozone.client.OzoneVolume$BucketIterator.getNextListOfBuckets(OzoneVolume.java:525)
... 17 more
```
If add "l" permission to volume, then
```
[[email protected] ~]$ export HADOOP_USER_NAME=hadoop
[[email protected] ~]$ ~/om-current/bin/ozone sh vol addacl
-a user:test:l /vol-test
ACL user:test:l[ACCESS] added successfully.
[[email protected] ~]$ export HADOOP_USER_NAME=test
[[email protected] ~]$
~/hadoop-2.7.2-5504-ozone-client/bin/hadoop fs -ls /vol-test
Found 1 items
drwxrwxrwx - hadoop hadoop 0 2023-05-10 17:17 /vol-test/blk-test
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
