Multi user fix requiring a 'super user' specification in the core-site.xml. The super user should be used to run the hadoop daemon services.

childsb · childsb · commit fe14eac1713c · 2013-10-17T09:32:58.000-06:00
This user will be granted read access to the DFS for job scheduling purposes.
diff --git a/conf/core-site.xml b/conf/core-site.xml
@@ -24,7 +24,12 @@
     <value>glusterfs://ambari-3.abrv8.com:gv0<</value>
   </property>
 
-
+  <!-- a super user that the hadoop daemons run under. required for multi-user secure clusters -->
+  <property>
+    <name>gluster.daemon.user</name>
+    <value>hadoop</value>
+  </property>
+  
   <!--  this is the default glusterfs hook with no additional integrity checking on files -->
   <property>
     <name>fs.AbstractFileSystem.glusterfs.impl</name>
diff --git a/src/main/java/org/apache/hadoop/fs/glusterfs/GlusterVolume.java b/src/main/java/org/apache/hadoop/fs/glusterfs/GlusterVolume.java
@@ -34,13 +34,15 @@
 import org.apache.hadoop.fs.RawLocalFileSystem;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.apache.hadoop.fs.permission.FsPermission;
 
 public class GlusterVolume extends RawLocalFileSystem{
 
     static final Logger log = LoggerFactory.getLogger(GlusterFileSystemCRC.class);
     public static final URI NAME = URI.create("glusterfs:///");
     
     protected String root=null;
+    protected String superUser=null;
     
     protected static GlusterFSXattr attr = null;
     
@@ -79,6 +81,8 @@ public void setConf(Configuration conf){
                     mkdirs(mapredSysDirectory);
                 }
                 
+                superUser =  conf.get("gluster.daemon.user", null);
+                
                 //volName=conf.get("fs.glusterfs.volname", null);
                 //remoteGFSServer=conf.get("fs.glusterfs.server", null);
                 
@@ -155,7 +159,36 @@ public long getBlockSize(Path path) throws IOException{
 
         return blkSz;
     }
-   
+    /*
+     * ensures the 'super user' is given read/write access.  
+     * the ACL drops off after a chmod or chown.
+     */
+    
+    private void updateAcl(Path p){
+    	if(superUser!=null){
+    		File f = pathToFile(p);
+    		String path = f.getAbsolutePath();
+    		String command = "setfacl -m u:" + superUser + ":rwx " + path;
+    		try{
+    			Runtime.getRuntime().exec(command);
+    		}catch(IOException ex){
+    			throw new RuntimeException(ex);
+    		}
+    	}
+    }
+    
+    public void setOwner(Path p, String username, String groupname)
+            throws IOException {
+    	super.setOwner(p,username,groupname);
+    	updateAcl(p);
+    	
+    }
+    
+    public void setPermission(Path p, FsPermission permission)
+            throws IOException {
+    	super.setPermission(p,permission);
+    	updateAcl(p);
+    }
     public BlockLocation[] getFileBlockLocations(FileStatus file,long start,long len) throws IOException{
         File f=pathToFile(file.getPath());
         BlockLocation[] result=null;
