
HDFS-13194. CachePool permissions incorrectly checked. Contributed by Jianfei Jiang.

Yiqun Lin 7 年之前
父节点
当前提交
a9c14b1119

+ 3 - 1
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java

@@ -573,7 +573,9 @@ public class FSPermissionChecker implements AccessControlEnforcer {
         && mode.getGroupAction().implies(access)) {
       return;
     }
-    if (mode.getOtherAction().implies(access)) {
+    if (!getUser().equals(pool.getOwnerName())
+        && !isMemberOfGroup(pool.getGroupName())
+        && mode.getOtherAction().implies(access)) {
       return;
     }
     throw new AccessControlException("Permission denied while accessing pool "
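Review bot: The owner-to-group fall-through still looks open, because the new `!getUser().equals(pool.getOwnerName())` guard is applied only to the other-class test, while the group branch ending at `&& mode.getGroupAction().implies(access)) {` just above appears to carry no owner exclusion. If so, a pool owner whose user bits deny the access but who is also a member of the pool's group is still admitted on the group bits, which is the same kind of mistake this commit fixes for the other bits. Consider adding `!getUser().equals(pool.getOwnerName())` to the group condition too, or deciding the single applicable class once (owner, else group, else other) and testing only that class's action. The first line of the group condition and the start of the method are outside the hunk, so confirm this against the full method.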

+ 15 - 0
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestCacheDirectives.java

@@ -420,6 +420,9 @@ public class TestCacheDirectives {
         setMode(new FsPermission((short)0777)));
     proto.addCachePool(new CachePoolInfo("pool4").
         setMode(new FsPermission((short)0)));
+    proto.addCachePool(new CachePoolInfo("pool5").
+        setMode(new FsPermission((short)0007))
+        .setOwnerName(unprivilegedUser.getShortUserName()));
 
     CacheDirectiveInfo alpha = new CacheDirectiveInfo.Builder().
         setPath(new Path("/alpha")).
@@ -488,6 +491,18 @@ public class TestCacheDirectives {
 
     long deltaId = addAsUnprivileged(delta);
 
+    try {
+      addAsUnprivileged(new CacheDirectiveInfo.Builder().
+          setPath(new Path("/epsilon")).
+          setPool("pool5").
+          build());
+      fail("expected an error when adding to a pool with " +
+          "mode 007 (no permissions for pool owner).");
+    } catch (AccessControlException e) {
+      GenericTestUtils.
+          assertExceptionContains("Permission denied while accessing pool", e);
+    }
+
     // We expect the following to succeed, because DistributedFileSystem
     // qualifies the path.
     long relativeId = addAsUnprivileged(
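Review bot: The new negative test around `setPool("pool5")` exercises only the owner half of the fix; nothing here covers the `!isMemberOfGroup(pool.getGroupName())` condition added to FSPermissionChecker. A second pool with group-denied but other-allowed bits, for example `setMode(new FsPermission((short)0707))` with `setGroupName(...)` set to a group the unprivileged user belongs to, and the same expected `AccessControlException`, would pin the group case against regression. A short comment above the pool5 definition, such as `// owner has no bits set; the "other" bits must not apply to the owner`, would also help, since the octal `0007` is easy to misread. The enclosing test method starts and ends outside these hunks.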