|
[
Permlink
| « Hide
]
Pete Wyckoff added a comment - 08/Sep/08 03:53 AM
This is the code I wrote and compiles and is what I was thinking. May need some debugging and definitely needs unit tests but I though I would post what I have so far.
without implementing posix access method, fuse still won't respect permissions. I have opened a JIRA for the FileSystem to implement it and another for fuse to then implement it.
Pete,
fuse_context * context = fuse_get_context (); uid_t uid = context->uid; gid_t uid = context->gid;
yes, duh, I knew that but for some reason I must have been thinking or not thinking rather. I don't know why I did that
I was thinking I could, but that DFS should have it anyway really and might be better to implement all the rules there. If the DFS community doesn't want to do it (although it is a posix api) or cannot do it soon, I will implement it in libhdfs?? fix getuid/getgid issues and some bugs. Still doesn't pass the utimes test of touching a file and seeing the modification time updated. I'm not sure why as touch is definitely ending up calling utime, but the mtime doesn't seem to get updated.
probably just needs another short debugging session to complete the patch. I can't make chown work yet. having trouble with getpwuid - returning:
struct passwd {
char *pw_name; /* user name */
char *pw_passwd; /* user password */
uid_t pw_uid; /* user id */
gid_t pw_gid; /* group id */
char *pw_gecos; /* real name */
char *pw_dir; /* home directory */
char *pw_shell; /* shell program */
};
and pw_name is returning the password field in the /etc/passwd file instead of the login name. could use help if anyone knows about these pwd.h apis. Pete,
1. See my attachment for 2. Also, I was thinking about the gid_t uid = context->gid; Surely this only gives the default group of the user? How would this work in my setting, where my default group represents my status, while most files are protected on a groups which are assigned on a project level basis? In the RPC mechanism used by NFS, the following struct is used to pass authentication information from client to server (source: https://trac.eecs.iu-bremen.de/projects/scotty/browser/branches/tubs/compat/rpc/auth_unix.h?rev=885): struct authunix_parms {
u_long aup_time;
char *aup_machname;
int aup_uid;
int aup_gid;
u_int aup_len;
int *aup_gids;
};
The point s that a process accessing a file in the NFS client has a uid and a gid. However, the NFS client supplements the gid with the other gids that the user belongs to. We should do likewise. fixes all the problems and I added all the groups using Craig's other patch.
ant test-contrib -Dfusedfs=1 -Dlibhdfs=1 -Dtestcase=TestFuseDFS passes (with hadoop-4014 patch applied - the patch for libhdfs to expose these apis). Looks good.
1. What are the side-effects of not having dfs_access implemented? C added
AC_FUNC_GETGROUPS to and check GETGROUPS_T in fuse_dfs.c as Craig suggested Yes, getting everything else in other than actually respecting the ACLs is a little bit of a hollow victory
I'm not even sure there's complete consensus on https://issues.apache.org/jira/browse/HADOOP-4108 Hi Craig, I could add a #define HDFS_ACCESS_T with a call to an as yet unimplemented libhdfs API. It is a little confusing i agree to show permissions and be capable of changing them but the FS doesn't respect them. Do you want thanks, pete I dont see how this patch can be committed without
Wrt HADOOP-4108, I'm not sure. You need to get (a) a consensus, (b) an acceptable patch, and (c) the patch committed by Friday. Does the fuse-dfs currently let me read/write files that I dont have permission to do so? C I haven't looked at the patch, but how do you determine if the user is permitted to change the ownership/permission of a file without access() being implemented?
I am assuming the Hadoop API will prevent this and the user will get an IO error - (which has happened to me
), but I should add a unit test for this and see if there's a way to return -EPERM. Now that I think about it, access() may not be necessary for chown()/chmod().
In particular, I'm thinking of a bug that happened in Solaris cpio (or was it pax?) eons ago where a user had a privilege assigned that allowed that user to chown() files. But that user couldn't actually read the files. So doing a raw chown() with no access check was the right thing to do. If Hadoop were to mature enough to have a role system, doing access() followed by chown()/chmod() would be the wrong thing to do. So, yes, I think it is ok to do chown()/chmod() without access() and just let the EPERM error or whatever Hadoop is throwing back to the user. Of course, this begs the question about what FUSE will do under roles, but that's a different discussion for a different day.
Yes, it does unconditionally. So, this patch will improve things. the only thing is you will get an IO error rather than a correct error message saying you don't have permissions. So, in that respect, this patch is an improvement. Albeit, getting an IO error rather than a permission error is a little weird. I guess the question is whether it's preferable to let people see files unconditionally or get an IO error when they do?? I think getting 4108 committed by Friday isn't possible. An alternative would be to assume -EPERM when libhdfs gives an error, but that would be pretty hacky. +1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12390211/HADOOP-4106.txt  against trunk revision 696130. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 3 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/3280/testReport/ This message is automatically generated. I am basically +1 on committing this w/o access, so could others vote +1 or -1 on committing this w/o being blocked by having the access method? (ie HADOOP-4108). Again the problem with this patch is people will get an I/O error when accessing a file they don't have permission to rather than a permission error. w/o this patch, there are no access privileges as fuse always connects as the super user. So, I think the patch is an improvement. peter Committed. Thanks Pete.
Committed revision 696777. Integrated in Hadoop-trunk #611 (See http://hudson.zones.apache.org/hudson/job/Hadoop-trunk/611/
) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
New Feature
Closed
Major
add time, permission and user attribute support to fuse-dfs
