Return-Path: Delivered-To: apmail-hadoop-core-commits-archive@www.apache.org Received: (qmail 7389 invoked from network); 23 Jan 2008 02:20:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 23 Jan 2008 02:20:45 -0000 Received: (qmail 18760 invoked by uid 500); 23 Jan 2008 02:20:35 -0000 Delivered-To: apmail-hadoop-core-commits-archive@hadoop.apache.org Received: (qmail 18732 invoked by uid 500); 23 Jan 2008 02:20:35 -0000 Mailing-List: contact core-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: core-dev@hadoop.apache.org Delivered-To: mailing list core-commits@hadoop.apache.org Received: (qmail 18722 invoked by uid 500); 23 Jan 2008 02:20:35 -0000 Delivered-To: apmail-lucene-hadoop-commits@lucene.apache.org Received: (qmail 18719 invoked by uid 99); 23 Jan 2008 02:20:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jan 2008 18:20:35 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Jan 2008 02:20:29 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 08F761A9832; Tue, 22 Jan 2008 18:20:21 -0800 (PST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r614410 - in /lucene/hadoop/trunk: CHANGES.txt src/java/org/apache/hadoop/dfs/FSNamesystem.java src/java/org/apache/hadoop/dfs/NameNode.java Date: Wed, 23 Jan 2008 02:20:20 -0000 To: hadoop-commits@lucene.apache.org From: shv@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080123022021.08F761A9832@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: shv Date: Tue Jan 22 18:20:06 2008 New Revision: 614410 URL: http://svn.apache.org/viewvc?rev=614410&view=rev Log: HADOOP-2659. Introduce superuser permissions for admin operations. Contributed by Tsz Wo (Nicholas), SZE Modified: lucene/hadoop/trunk/CHANGES.txt lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/NameNode.java Modified: lucene/hadoop/trunk/CHANGES.txt URL: http://svn.apache.org/viewvc/lucene/hadoop/trunk/CHANGES.txt?rev=614410&r1=614409&r2=614410&view=diff ============================================================================== --- lucene/hadoop/trunk/CHANGES.txt (original) +++ lucene/hadoop/trunk/CHANGES.txt Tue Jan 22 18:20:06 2008 @@ -278,6 +278,9 @@ HADOOP-2469. WritableUtils.clone should take a Configuration instead of a JobConf. (stack via omalley) + HADOOP-2659. Introduce superuser permissions for admin operations. + (Tsz Wo (Nicholas), SZE via shv) + OPTIMIZATIONS HADOOP-1898. Release the lock protecting the last time of the last stack Modified: lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java URL: http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java?rev=614410&r1=614409&r2=614410&view=diff ============================================================================== --- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java (original) +++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/FSNamesystem.java Tue Jan 22 18:20:06 2008 @@ -423,6 +423,7 @@ * Dump all metadata into specified file */ void metaSave(String filename) throws IOException { + checkSuperuserPrivilege(); File file = new File(System.getProperty("hadoop.log.dir"), filename); PrintWriter out = new PrintWriter(new BufferedWriter( @@ -2740,6 +2741,13 @@ pendingReplications.remove(block); } + long[] getStats() throws IOException { + checkSuperuserPrivilege(); + synchronized(heartbeats) { + return new long[]{totalCapacity(), totalDfsUsed(), totalRemaining()}; + } + } + /** * Total raw bytes including non-dfs used space. */ @@ -2829,7 +2837,9 @@ return nodes; } - public synchronized DatanodeInfo[] datanodeReport( DatanodeReportType type ) { + public synchronized DatanodeInfo[] datanodeReport( DatanodeReportType type + ) throws AccessControlException { + checkSuperuserPrivilege(); ArrayList results = getDatanodeListForReport(type); DatanodeInfo[] arr = new DatanodeInfo[results.size()]; @@ -3282,6 +3292,7 @@ * 4. Removed from exclude --> stop decommission. */ void refreshNodes() throws IOException { + checkSuperuserPrivilege(); hostsReader.refresh(); synchronized (this) { for (Iterator it = datanodeMap.values().iterator(); @@ -3308,6 +3319,10 @@ } + void finalizeUpgrade() throws IOException { + checkSuperuserPrivilege(); + getFSImage().finalizeUpgrade(); + } /** * Checks if the node is not on the hosts list. If it is not, then @@ -3731,6 +3746,20 @@ return System.currentTimeMillis(); } + boolean setSafeMode(SafeModeAction action) throws IOException { + checkSuperuserPrivilege(); + switch(action) { + case SAFEMODE_LEAVE: // leave safe mode + leaveSafeMode(false); + break; + case SAFEMODE_ENTER: // enter safe mode + enterSafeMode(); + break; + case SAFEMODE_GET: // get safe mode + } + return isInSafeMode(); + } + /** * Check whether the name node is in safe mode. * @return true if safe mode is ON, false otherwise @@ -3937,6 +3966,16 @@ private PermissionChecker checkTraverse(String path ) throws AccessControlException { return checkPermission(path, false, null, null, null, null); + } + + private void checkSuperuserPrivilege() throws AccessControlException { + if (isPermissionEnabled) { + PermissionChecker pc = new PermissionChecker( + fsOwner.getUserName(), supergroup); + if (!pc.isSuper) { + throw new AccessControlException("Superuser privilege is required"); + } + } } /** Modified: lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/NameNode.java URL: http://svn.apache.org/viewvc/lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/NameNode.java?rev=614410&r1=614409&r2=614410&view=diff ============================================================================== --- lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/NameNode.java (original) +++ lucene/hadoop/trunk/src/java/org/apache/hadoop/dfs/NameNode.java Tue Jan 22 18:20:06 2008 @@ -430,7 +430,8 @@ return files; } - /* Get the file info for a specific file. + /** + * Get the file info for a specific file. * @param src The string representation of the path to the file * @throws IOException if file does not exist * @return object containing information regarding the file @@ -439,14 +440,9 @@ return namesystem.getFileInfo(src); } - /** - */ + /** @inheritDoc */ public long[] getStats() throws IOException { - long results[] = new long[3]; - results[0] = namesystem.totalCapacity(); - results[1] = namesystem.totalDfsUsed(); - results[2] = namesystem.totalRemaining(); - return results; + return namesystem.getStats(); } /** @@ -464,16 +460,7 @@ * @inheritDoc */ public boolean setSafeMode(SafeModeAction action) throws IOException { - switch(action) { - case SAFEMODE_LEAVE: // leave safe mode - namesystem.leaveSafeMode(false); - break; - case SAFEMODE_ENTER: // enter safe mode - namesystem.enterSafeMode(); - break; - case SAFEMODE_GET: // get safe mode - } - return namesystem.isInSafeMode(); + return namesystem.setSafeMode(action); } /** @@ -513,7 +500,7 @@ } public void finalizeUpgrade() throws IOException { - getFSImage().finalizeUpgrade(); + namesystem.finalizeUpgrade(); } public UpgradeStatusReport distributedUpgradeProgress(UpgradeAction action