From f111bf8c33963ab77f6a1dd01efed56c0a66e181 Mon Sep 17 00:00:00 2001 From: Patrick Dowler Date: Thu, 13 Jun 2024 19:10:33 -0700 Subject: [PATCH 1/2] cadc-util-fs: include default group default ACL in output --- cadc-util-fs/build.gradle | 2 +- .../opencadc/util/fs/AclCommandExecutor.java | 65 ++++++++++++------- .../util/fs/AclCommandExecutorTest.java | 17 +++++ 3 files changed, 59 insertions(+), 25 deletions(-) diff --git a/cadc-util-fs/build.gradle b/cadc-util-fs/build.gradle index f873a87e..f5314b1d 100644 --- a/cadc-util-fs/build.gradle +++ b/cadc-util-fs/build.gradle @@ -16,7 +16,7 @@ sourceCompatibility = 1.8 group = 'org.opencadc' -version = '1.1.2' +version = '1.1.3' description = 'OpenCADC file system utility library' def git_url = 'https://github.com/opencadc/vos' diff --git a/cadc-util-fs/src/main/java/org/opencadc/util/fs/AclCommandExecutor.java b/cadc-util-fs/src/main/java/org/opencadc/util/fs/AclCommandExecutor.java index 14d0a485..7dd3ba4c 100644 --- a/cadc-util-fs/src/main/java/org/opencadc/util/fs/AclCommandExecutor.java +++ b/cadc-util-fs/src/main/java/org/opencadc/util/fs/AclCommandExecutor.java @@ -400,7 +400,7 @@ private Set getACL(String perm, boolean defaultACL, boolean resolve) throws IOEx if (!resolve) { cmdList.add("--numeric"); } - cmdList.add("--omit-header"); + //cmdList.add("--omit-header"); cmdList.add("--skip-base"); cmdList.add("--physical"); // do not follow symlinks cmdList.add(toAbsolutePath(path)); 
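Review bot: The `--omit-header` option is disabled by commenting it out (`//cmdList.add("--omit-header");`), which leaves dead code and no record of why the header is now required. Delete the line and put a comment in its place, for example `// keep the getfacl header: the "# group:" line supplies the owning group for default:group:: entries`. The parser further down in getACL now depends on the header being present, so restoring the flag later would silently drop the owning group from the default ACL result. getACL starts before this hunk and continues after it.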
@@ -413,35 +413,52 @@ private Set getACL(String perm, boolean defaultACL, boolean resolve) throws IOEx } String out = grabber.getOutput(true); String[] lines = out.split("[\n]"); + String groupToken = null; for (String s : lines) { String[] tokens = s.split("[:#]"); // hash to split effective permissions when masked - log.debug("raw: (" + tokens.length + ") " + s); - String gidToken = null; - String permToken = null; - if (defaultACL && "default".equals(tokens[0]) && "group".equals(tokens[1])) { - if (tokens.length >= 4 && tokens[2].length() > 0) { - gidToken = tokens[2]; - permToken = tokens[3]; - } - } else if (!defaultACL && "group".equals(tokens[0]) && tokens[1].length() > 0) { - if (tokens.length == 3) { - gidToken = tokens[1]; - permToken = tokens[2]; - } else if (tokens.length == 5) { - gidToken = tokens[1]; - permToken = tokens[4]; // effective permissions due to masked + if (s.startsWith("#")) { + // header line + String tk = tokens[1].trim(); + log.debug("header tokens: " + tk + " " + tokens[2]); + if ("group".equals(tk)) { + groupToken = tokens[2].trim(); + log.debug("default group: " + groupToken); } } else { - log.debug("skip: " + s); - } - log.debug("found: " + gidToken + "," + permToken + " in " + s); - if (gidToken != null && permToken != null && permToken.startsWith(perm)) { - if (resolve) { - aclList.add(gidToken); + log.debug("raw: (" + tokens.length + ") " + s); + String gidToken = null; + String permToken = null; + if (defaultACL && "default".equals(tokens[0]) && "group".equals(tokens[1])) { + if (tokens.length >= 4) { + if (tokens[2].length() == 0) { + // the default ACL for the default group + gidToken = groupToken; // from header + permToken = tokens[3]; + } else if (tokens[2].length() > 0) { + gidToken = tokens[2]; + permToken = tokens[3]; + } + } + } else if (!defaultACL && "group".equals(tokens[0]) && tokens[1].length() > 0) { + if (tokens.length == 3) { + gidToken = tokens[1]; + permToken = tokens[2]; + } else if (tokens.length == 5) { + 
gidToken = tokens[1]; + permToken = tokens[4]; // effective permissions due to masked + } } else { - aclList.add(Integer.parseInt(gidToken)); + log.debug("skip: " + s); } - } + log.debug("found: " + gidToken + "," + permToken + " in " + s); + if (gidToken != null && permToken != null && permToken.startsWith(perm)) { + if (resolve) { + aclList.add(gidToken); + } else { + aclList.add(Integer.parseInt(gidToken)); + } + } + } } return aclList; } diff --git a/cadc-util-fs/src/test/java/org/opencadc/util/fs/AclCommandExecutorTest.java b/cadc-util-fs/src/test/java/org/opencadc/util/fs/AclCommandExecutorTest.java index 3f33d378..325a06b1 100644 --- a/cadc-util-fs/src/test/java/org/opencadc/util/fs/AclCommandExecutorTest.java +++ b/cadc-util-fs/src/test/java/org/opencadc/util/fs/AclCommandExecutorTest.java @@ -83,6 +83,7 @@ import java.util.LinkedHashSet; import java.util.List; import java.util.Set; +import java.util.TreeSet; import java.util.UUID; import org.apache.log4j.Level; import org.apache.log4j.Logger; @@ -244,6 +245,22 @@ void executeCommand(final String[] command) throws IOException { rwDefault = acl.getReadWriteACL(true); Assert.assertNotNull(rwDefault); Assert.assertTrue(rwDefault.isEmpty()); + + // verify that defaults ACL can be set and minimally seen without actual group ACLs + Set emptySet = new TreeSet<>(); + acl.setACL(worldReadable, emptySet, emptySet, true); + roDefault = acl.getReadOnlyACL(true); + Assert.assertNotNull(roDefault); + Assert.assertTrue(roDefault.isEmpty()); + rwDefault = acl.getReadWriteACL(true); + Assert.assertNotNull(rwDefault); + // shows up here as a rw default + for (Integer i : rwDefault) { + log.info("found bare default RW: " + i); + } + Assert.assertFalse(rwDefault.isEmpty()); + + } else { try { acl.setACL(worldReadable, readGroupPrincipals, writeGroupPrincipals, true); From df87ad5f87507f023d682d39025c03c6e663a3c4 Mon Sep 17 00:00:00 2001 
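Review bot: The header branch reads `tokens[1]` and `tokens[2]` (also in the debug line) without checking `tokens.length`, so a `#` line that does not split into at least three parts throws ArrayIndexOutOfBoundsException instead of being skipped; start the branch with `if (tokens.length < 3) { continue; }`. With the header no longer omitted, the `# file:` line brings the path text into this parser, so the header parse should tolerate unexpected input. Separately, the new `default:group::` branch takes `tokens[3]`, the nominal permission, while the non-default branch switches to `tokens[4]` for masked entries; if getfacl also appends `#effective:` to default entries, the owning group could be reported with more access than the default mask grants, which should be confirmed. The `else if (tokens[2].length() > 0)` can be a plain `else`. getACL begins outside the hunk.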
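Review bot: The new assertions only check `Assert.assertFalse(rwDefault.isEmpty())` and log the entries, so the test passes whatever gid the parser returns. Because the purpose of the change is that the owning group taken from the getfacl header is reported, the test should assert the value: read the test file's group id (for instance with `Files.getAttribute(<test file path>, "unix:gid")`) and check that `rwDefault` contains exactly that id. The comment `// shows up here as a rw default` would be clearer if it said why the owning group's default entry is read-write after `setACL` with empty sets, which is not evident from the hunk. The test method starts and ends outside the hunk.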
From: Patrick Dowler Date: Thu, 13 Jun 2024 19:11:30 -0700 Subject: [PATCH 2/2] cavern: remove inheritPermission set attr call --- cavern/VERSION | 2 +- .../main/java/org/opencadc/cavern/nodes/NodeUtil.java | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/cavern/VERSION b/cavern/VERSION index 8dcedbb8..53635723 100644 --- a/cavern/VERSION +++ b/cavern/VERSION @@ -1,6 +1,6 @@ ## deployable containers have a semantic and build tag # semantic version tag: major.minor # build version tag: timestamp -VER=0.7.8 +VER=0.7.9 TAGS="${VER} ${VER}-$(date -u +"%Y%m%dT%H%M%S")" unset VER diff --git a/cavern/src/main/java/org/opencadc/cavern/nodes/NodeUtil.java b/cavern/src/main/java/org/opencadc/cavern/nodes/NodeUtil.java index 463a0538..149054af 100644 --- a/cavern/src/main/java/org/opencadc/cavern/nodes/NodeUtil.java +++ b/cavern/src/main/java/org/opencadc/cavern/nodes/NodeUtil.java @@ -313,13 +313,10 @@ private void setNodeProperties(Path path, Node node) throws IOException, Interru boolean inherit = false; if (isDir) { ContainerNode cn = (ContainerNode) node; - if (cn.inheritPermissions != null) { - // set - String val = cn.inheritPermissions.toString(); - ExtendedFileAttributes.setFileAttribute(path, VOS.PROPERTY_URI_INHERIT_PERMISSIONS.toASCIIString(), val); + if (cn.clearInheritPermissions) { + inherit = false; + } else { inherit = cn.inheritPermissions; - } else if (cn.clearInheritPermissions) { - ExtendedFileAttributes.setFileAttribute(path, VOS.PROPERTY_URI_INHERIT_PERMISSIONS.toASCIIString(), null); } }
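Review bot: In the new `else` branch, `inherit = cn.inheritPermissions;` assigns to a primitive `boolean` without the null check the removed code had (`if (cn.inheritPermissions != null)`). If the field is a nullable `Boolean`, as that check and the `.toString()` call suggest, a ContainerNode with neither flag set throws NullPointerException on unboxing. Use `inherit = Boolean.TRUE.equals(cn.inheritPermissions);` or keep `else if (cn.inheritPermissions != null)`. The `if (cn.clearInheritPermissions) { inherit = false; }` arm is redundant because `inherit` is already initialised to false. setNodeProperties continues outside the hunk, so how `inherit` is then applied to the directory's permissions cannot be checked from here.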