Java Code Examples for org.apache.hadoop.security.UserGroupInformation.createUserForTesting()

The following are Jave code examples for showing how to use createUserForTesting() of the org.apache.hadoop.security.UserGroupInformation class. You can vote up the examples you like. Your votes will be used in our system to get more good examples.
+ Save this method
Example 1
Project: hadoop   File: TestReadWhileWriting.java   View Source Code Vote up 6 votes
static void checkFile(Path p, int expectedsize, final Configuration conf
    ) throws IOException, InterruptedException {
  //open the file with another user account
  final String username = UserGroupInformation.getCurrentUser().getShortUserName()
      + "_" + ++userCount;

  UserGroupInformation ugi = UserGroupInformation.createUserForTesting(username, 
                               new String[] {"supergroup"});
  
  final FileSystem fs = DFSTestUtil.getFileSystemAs(ugi, conf);
  
  final HdfsDataInputStream in = (HdfsDataInputStream)fs.open(p);

  //Check visible length
  Assert.assertTrue(in.getVisibleLength() >= expectedsize);

  //Able to read?
  for(int i = 0; i < expectedsize; i++) {
    Assert.assertEquals((byte)i, (byte)in.read());  
  }

  in.close();
}
 
Example 2
Project: hadoop   File: FSXAttrBaseTest.java   View Source Code Vote up 6 votes
/**
 * This tests the "unreadable by superuser" xattr which denies access to a
 * file for the superuser. See HDFS-6705 for details.
 */
@Test(timeout = 120000)
public void testUnreadableBySuperuserXAttr() throws Exception {
  // Run tests as superuser...
  doTestUnreadableBySuperuserXAttr(fs, true);

  // ...and again as non-superuser
  final UserGroupInformation user = UserGroupInformation.
      createUserForTesting("user", new String[] { "mygroup" });
  user.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      final FileSystem userFs = dfsCluster.getFileSystem();
      doTestUnreadableBySuperuserXAttr(userFs, false);
      return null;
    }
  });
}
 
Example 3
Project: ditb   File: TestSecureRPC.java   View Source Code Vote up 6 votes
public void testRpcFallbackToSimpleAuth(Class<? extends RpcClient> rpcImplClass) throws Exception {
  String krbKeytab = getKeytabFileForTesting();
  String krbPrincipal = getPrincipalForTesting();

  UserGroupInformation ugi = loginKerberosPrincipal(krbKeytab, krbPrincipal);
  assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());
  assertEquals(krbPrincipal, ugi.getUserName());

  String clientUsername = "testuser";
  UserGroupInformation clientUgi = UserGroupInformation.createUserForTesting(clientUsername,
      new String[]{clientUsername});

  // check that the client user is insecure
  assertNotSame(ugi, clientUgi);
  assertEquals(AuthenticationMethod.SIMPLE, clientUgi.getAuthenticationMethod());
  assertEquals(clientUsername, clientUgi.getUserName());

  Configuration clientConf = new Configuration();
  clientConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");
  callRpcService(rpcImplClass, User.create(clientUgi), clientConf, true);
}
 
Example 4
Project: hadoop   File: TestJobAclsManager.java   View Source Code Vote up 6 votes
@Test
public void testGroups() {
  Map<JobACL, AccessControlList> tmpJobACLs = new HashMap<JobACL, AccessControlList>();
  Configuration conf = new Configuration();
  String jobOwner = "testuser";
  conf.set(JobACL.VIEW_JOB.getAclName(), jobOwner);
  conf.setBoolean(MRConfig.MR_ACLS_ENABLED, true);
  String user = "testuser2";
  String adminGroup = "adminGroup";
  conf.set(MRConfig.MR_ADMINS, " " + adminGroup);

  JobACLsManager aclsManager = new JobACLsManager(conf);
  tmpJobACLs = aclsManager.constructJobACLs(conf);
  final Map<JobACL, AccessControlList> jobACLs = tmpJobACLs;

  UserGroupInformation callerUGI = UserGroupInformation.createUserForTesting(
   user, new String[] {adminGroup});
  // acls off so anyone should have access
  boolean val = aclsManager.checkAccess(callerUGI, JobACL.VIEW_JOB, jobOwner,
      jobACLs.get(JobACL.VIEW_JOB));
  assertTrue("user in admin group should have access", val);
}
 
Example 5
Project: hadoop   File: AppendTestUtil.java   View Source Code Vote up 5 votes
/**
 * Returns the reference to a new instance of FileSystem created 
 * with different user name
 * @param conf current Configuration
 * @return FileSystem instance
 * @throws IOException
 * @throws InterruptedException 
 */
public static FileSystem createHdfsWithDifferentUsername(final Configuration conf
    ) throws IOException, InterruptedException {
  String username = UserGroupInformation.getCurrentUser().getShortUserName()+"_XXX";
  UserGroupInformation ugi = 
    UserGroupInformation.createUserForTesting(username, new String[]{"supergroup"});
  
  return DFSTestUtil.getFileSystemAs(ugi, conf);
}
 
Example 6
Project: hadoop   File: TestFSMainOperationsWebHdfs.java   View Source Code Vote up 5 votes
@BeforeClass
public static void setupCluster() {
  final Configuration conf = new Configuration();
  conf.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true);
  conf.setLong(DFSConfigKeys.DFS_BLOCK_SIZE_KEY, 1024);
  try {
    cluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
    cluster.waitActive();

    //change root permission to 777
    cluster.getFileSystem().setPermission(
        new Path("/"), new FsPermission((short)0777));

    final String uri = WebHdfsFileSystem.SCHEME  + "://"
        + conf.get(DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY);

    //get file system as a non-superuser
    final UserGroupInformation current = UserGroupInformation.getCurrentUser();
    final UserGroupInformation ugi = UserGroupInformation.createUserForTesting(
        current.getShortUserName() + "x", new String[]{"user"});
    fileSystem = ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
      @Override
      public FileSystem run() throws Exception {
        return FileSystem.get(new URI(uri), conf);
      }
    });

    defaultWorkingDirectory = fileSystem.getWorkingDirectory();
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
 
Example 7
Project: hadoop   File: TestEncryptionZones.java   View Source Code Vote up 5 votes
/**
 * Test listing encryption zones as a non super user.
 */
@Test(timeout = 60000)
public void testListEncryptionZonesAsNonSuperUser() throws Exception {

  final UserGroupInformation user = UserGroupInformation.
      createUserForTesting("user", new String[] { "mygroup" });

  final Path testRoot = new Path("/tmp/TestEncryptionZones");
  final Path superPath = new Path(testRoot, "superuseronly");
  final Path allPath = new Path(testRoot, "accessall");

  fsWrapper.mkdir(superPath, new FsPermission((short) 0700), true);
  dfsAdmin.createEncryptionZone(superPath, TEST_KEY);

  fsWrapper.mkdir(allPath, new FsPermission((short) 0707), true);
  dfsAdmin.createEncryptionZone(allPath, TEST_KEY);

  user.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      final HdfsAdmin userAdmin =
          new HdfsAdmin(FileSystem.getDefaultUri(conf), conf);
      try {
        userAdmin.listEncryptionZones();
      } catch (AccessControlException e) {
        assertExceptionContains("Superuser privilege is required", e);
      }
      return null;
    }
  });
}
 
Example 8
Project: hadoop-oss   File: GetGroupsTestBase.java   View Source Code Vote up 5 votes
@Before
public void setUpUsers() throws IOException {
  // Make sure the current user's info is in the list of test users.
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  UserGroupInformation.createUserForTesting(currentUser.getUserName(), currentUser.getGroupNames());
  
  testUser1 = UserGroupInformation.createUserForTesting("foo", new String[]{"bar", "baz"});
  testUser2 = UserGroupInformation.createUserForTesting("fiz", new String[]{"buz", "boz"});
}
 
Example 9
Project: hadoop   File: TestDFSShell.java   View Source Code Vote up 5 votes
@Test (timeout = 30000)
public void testLsr() throws Exception {
  final Configuration conf = new HdfsConfiguration();
  MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
  DistributedFileSystem dfs = cluster.getFileSystem();

  try {
    final String root = createTree(dfs, "lsr");
    dfs.mkdirs(new Path(root, "zzz"));
    
    runLsr(new FsShell(conf), root, 0);
    
    final Path sub = new Path(root, "sub");
    dfs.setPermission(sub, new FsPermission((short)0));

    final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    final String tmpusername = ugi.getShortUserName() + "1";
    UserGroupInformation tmpUGI = UserGroupInformation.createUserForTesting(
        tmpusername, new String[] {tmpusername});
    String results = tmpUGI.doAs(new PrivilegedExceptionAction<String>() {
      @Override
      public String run() throws Exception {
        return runLsr(new FsShell(conf), root, 1);
      }
    });
    assertTrue(results.contains("zzz"));
  } finally {
    cluster.shutdown();
  }
}
 
Example 10
Project: hadoop   File: TestDSAppMaster.java   View Source Code Vote up 5 votes
@Test
public void testTimelineClientInDSAppMaster() throws Exception {
  ApplicationMaster appMaster = new ApplicationMaster();
  appMaster.appSubmitterUgi =
      UserGroupInformation.createUserForTesting("foo", new String[]{"bar"});
  Configuration conf = new YarnConfiguration();
  conf.setBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED, true);
  appMaster.startTimelineClient(conf);
  Assert.assertEquals(appMaster.appSubmitterUgi,
      ((TimelineClientImpl)appMaster.timelineClient).getUgi());
}
 
Example 11
Project: hadoop   File: TestDelegationToken.java   View Source Code Vote up 5 votes
@Before
public void setup() throws Exception {
  user1 = UserGroupInformation.createUserForTesting("alice", 
                                                    new String[]{"users"});
  user2 = UserGroupInformation.createUserForTesting("bob", 
                                                    new String[]{"users"});
  cluster = new MiniMRCluster(0,0,1,"file:///",1);
}
 
Example 12
Project: hadoop   File: TestLease.java   View Source Code Vote up 5 votes
@SuppressWarnings("unchecked")
@Test
public void testFactory() throws Exception {
  final String[] groups = new String[]{"supergroup"};
  final UserGroupInformation[] ugi = new UserGroupInformation[3];
  for(int i = 0; i < ugi.length; i++) {
    ugi[i] = UserGroupInformation.createUserForTesting("user" + i, groups);
  }

  Mockito.doReturn(
      new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission(
          (short) 777), "owner", "group", new byte[0], new byte[0],
          1010, 0, null, (byte) 0)).when(mcp).getFileInfo(anyString());
  Mockito
      .doReturn(
          new HdfsFileStatus(0, false, 1, 1024, 0, 0, new FsPermission(
              (short) 777), "owner", "group", new byte[0], new byte[0],
              1010, 0, null, (byte) 0))
      .when(mcp)
      .create(anyString(), (FsPermission) anyObject(), anyString(),
          (EnumSetWritable<CreateFlag>) anyObject(), anyBoolean(),
          anyShort(), anyLong(), (CryptoProtocolVersion[]) anyObject());

  final Configuration conf = new Configuration();
  final DFSClient c1 = createDFSClientAs(ugi[0], conf);
  FSDataOutputStream out1 = createFsOut(c1, "/out1");
  final DFSClient c2 = createDFSClientAs(ugi[0], conf);
  FSDataOutputStream out2 = createFsOut(c2, "/out2");
  Assert.assertEquals(c1.getLeaseRenewer(), c2.getLeaseRenewer());
  final DFSClient c3 = createDFSClientAs(ugi[1], conf);
  FSDataOutputStream out3 = createFsOut(c3, "/out3");
  Assert.assertTrue(c1.getLeaseRenewer() != c3.getLeaseRenewer());
  final DFSClient c4 = createDFSClientAs(ugi[1], conf);
  FSDataOutputStream out4 = createFsOut(c4, "/out4");
  Assert.assertEquals(c3.getLeaseRenewer(), c4.getLeaseRenewer());
  final DFSClient c5 = createDFSClientAs(ugi[2], conf);
  FSDataOutputStream out5 = createFsOut(c5, "/out5");
  Assert.assertTrue(c1.getLeaseRenewer() != c5.getLeaseRenewer());
  Assert.assertTrue(c3.getLeaseRenewer() != c5.getLeaseRenewer());
}
 
Example 13
Project: ditb   File: TestTokenAuthentication.java   View Source Code Vote up 5 votes
@Test
public void testTokenAuthentication() throws Exception {
  UserGroupInformation testuser =
      UserGroupInformation.createUserForTesting("testuser", new String[]{"testgroup"});

  testuser.setAuthenticationMethod(
      UserGroupInformation.AuthenticationMethod.TOKEN);
  final Configuration conf = TEST_UTIL.getConfiguration();
  UserGroupInformation.setConfiguration(conf);
  Token<AuthenticationTokenIdentifier> token =
      secretManager.generateToken("testuser");
  LOG.debug("Got token: " + token.toString());
  testuser.addToken(token);

  // verify the server authenticates us as this token user
  testuser.doAs(new PrivilegedExceptionAction<Object>() {
    public Object run() throws Exception {
      Configuration c = server.getConfiguration();
      RpcClient rpcClient = RpcClientFactory.createClient(c, clusterId.toString());
      ServerName sn =
          ServerName.valueOf(server.getAddress().getHostName(), server.getAddress().getPort(),
              System.currentTimeMillis());
      try {
        BlockingRpcChannel channel = rpcClient.createBlockingRpcChannel(sn,
            User.getCurrent(), HConstants.DEFAULT_HBASE_RPC_TIMEOUT);
        AuthenticationProtos.AuthenticationService.BlockingInterface stub =
            AuthenticationProtos.AuthenticationService.newBlockingStub(channel);
        AuthenticationProtos.WhoAmIResponse response =
            stub.whoAmI(null, AuthenticationProtos.WhoAmIRequest.getDefaultInstance());
        String myname = response.getUsername();
        assertEquals("testuser", myname);
        String authMethod = response.getAuthMethod();
        assertEquals("TOKEN", authMethod);
      } finally {
        rpcClient.close();
      }
      return null;
    }
  });
}
 
Example 14
Project: mapr-music   File: MaprDbDao.java   View Source Code Vote up 4 votes
private static void loginTestUser(String username, String group) {
    UserGroupInformation currentUgi = UserGroupInformation.createUserForTesting(username, new String[]{group});
    UserGroupInformation.setLoginUser(currentUgi);
}
 
Example 15
Project: hadoop   File: TestDFSShell.java   View Source Code Vote up 4 votes
@Test (timeout = 30000)
public void testRemoteException() throws Exception {
  UserGroupInformation tmpUGI = 
    UserGroupInformation.createUserForTesting("tmpname", new String[] {"mygroup"});
  MiniDFSCluster dfs = null;
  PrintStream bak = null;
  try {
    final Configuration conf = new HdfsConfiguration();
    dfs = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
    FileSystem fs = dfs.getFileSystem();
    Path p = new Path("/foo");
    fs.mkdirs(p);
    fs.setPermission(p, new FsPermission((short)0700));
    bak = System.err;
    
    tmpUGI.doAs(new PrivilegedExceptionAction<Object>() {
      @Override
      public Object run() throws Exception {
        FsShell fshell = new FsShell(conf);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        PrintStream tmp = new PrintStream(out);
        System.setErr(tmp);
        String[] args = new String[2];
        args[0] = "-ls";
        args[1] = "/foo";
        int ret = ToolRunner.run(fshell, args);
        assertEquals("returned should be 1", 1, ret);
        String str = out.toString();
        assertTrue("permission denied printed", 
                   str.indexOf("Permission denied") != -1);
        out.reset();           
        return null;
      }
    });
  } finally {
    if (bak != null) {
      System.setErr(bak);
    }
    if (dfs != null) {
      dfs.shutdown();
    }
  }
}
 
Example 16
Project: hadoop-oss   File: TestAccessControlList.java   View Source Code Vote up 4 votes
/**
 * Verify the method isUserAllowed()
 */
@Test
public void testIsUserAllowed() {
  AccessControlList acl;

  UserGroupInformation drwho =
      UserGroupInformation.createUserForTesting("[email protected]",
          new String[] { "aliens", "humanoids", "timelord" });
  UserGroupInformation susan =
      UserGroupInformation.createUserForTesting("[email protected]",
          new String[] { "aliens", "humanoids", "timelord" });
  UserGroupInformation barbara =
      UserGroupInformation.createUserForTesting("[email protected]",
          new String[] { "humans", "teachers" });
  UserGroupInformation ian =
      UserGroupInformation.createUserForTesting("[email protected]",
          new String[] { "humans", "teachers" });

  acl = new AccessControlList("drwho humanoids");
  assertUserAllowed(drwho, acl);
  assertUserAllowed(susan, acl);
  assertUserNotAllowed(barbara, acl);
  assertUserNotAllowed(ian, acl);

  acl = new AccessControlList("drwho");
  assertUserAllowed(drwho, acl);
  assertUserNotAllowed(susan, acl);
  assertUserNotAllowed(barbara, acl);
  assertUserNotAllowed(ian, acl);

  acl = new AccessControlList("drwho ");
  assertUserAllowed(drwho, acl);
  assertUserNotAllowed(susan, acl);
  assertUserNotAllowed(barbara, acl);
  assertUserNotAllowed(ian, acl);

  acl = new AccessControlList(" humanoids");
  assertUserAllowed(drwho, acl);
  assertUserAllowed(susan, acl);
  assertUserNotAllowed(barbara, acl);
  assertUserNotAllowed(ian, acl);

  acl = new AccessControlList("drwho,ian aliens,teachers");
  assertUserAllowed(drwho, acl);
  assertUserAllowed(susan, acl);
  assertUserAllowed(barbara, acl);
  assertUserAllowed(ian, acl);

  acl = new AccessControlList("");
  UserGroupInformation spyUser = spy(drwho);
  acl.isUserAllowed(spyUser);
  verify(spyUser, never()).getGroupNames();
}
 
Example 17
Project: hadoop   File: TestMiniMRWithDFSWithDistinctUsers.java   View Source Code Vote up 4 votes
static UserGroupInformation createUGI(String name, boolean issuper) {
  String group = issuper? "supergroup": name;
  
  return UserGroupInformation.createUserForTesting(name, new String[]{group});
}
 
Example 18
Project: hadoop   File: TestMiniMRProxyUser.java   View Source Code Vote up 4 votes
protected void setUp() throws Exception {
  super.setUp();
  if (System.getProperty("hadoop.log.dir") == null) {
    System.setProperty("hadoop.log.dir", "/tmp");
  }
  int taskTrackers = 2;
  int dataNodes = 2;
  String proxyUser = System.getProperty("user.name");
  String proxyGroup = "g";
  StringBuilder sb = new StringBuilder();
  sb.append("127.0.0.1,localhost");
  for (InetAddress i : InetAddress.getAllByName(InetAddress.getLocalHost().getHostName())) {
    sb.append(",").append(i.getCanonicalHostName());
  }

  JobConf conf = new JobConf();
  conf.set("dfs.block.access.token.enable", "false");
  conf.set("dfs.permissions", "true");
  conf.set("hadoop.security.authentication", "simple");
  conf.set("hadoop.proxyuser." + proxyUser + ".hosts", sb.toString());
  conf.set("hadoop.proxyuser." + proxyUser + ".groups", proxyGroup);

  String[] userGroups = new String[]{proxyGroup};
  UserGroupInformation.createUserForTesting(proxyUser, userGroups);
  UserGroupInformation.createUserForTesting("u1", userGroups);
  UserGroupInformation.createUserForTesting("u2", new String[]{"gg"});

  dfsCluster = new MiniDFSCluster.Builder(conf).numDataNodes(dataNodes)
      .build();
  FileSystem fileSystem = dfsCluster.getFileSystem();
  fileSystem.mkdirs(new Path("/tmp"));
  fileSystem.mkdirs(new Path("/user"));
  fileSystem.mkdirs(new Path("/hadoop/mapred/system"));
  fileSystem.setPermission(new Path("/tmp"), FsPermission.valueOf("-rwxrwxrwx"));
  fileSystem.setPermission(new Path("/user"), FsPermission.valueOf("-rwxrwxrwx"));
  fileSystem.setPermission(new Path("/hadoop/mapred/system"), FsPermission.valueOf("-rwx------"));
  String nnURI = fileSystem.getUri().toString();
  int numDirs = 1;
  String[] racks = null;
  String[] hosts = null;
  mrCluster = new MiniMRCluster(0, 0, taskTrackers, nnURI, numDirs, racks, hosts, null, conf);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
}
 
Example 19
Project: hadoop   File: TestDFSShell.java   View Source Code Vote up 4 votes
@Test (timeout = 30000)
public void testSetXAttrCaseSensitivity() throws Exception {
  UserGroupInformation user = UserGroupInformation.
      createUserForTesting("user", new String[] {"mygroup"});
  MiniDFSCluster cluster = null;
  PrintStream bak = null;
  try {
    final Configuration conf = new HdfsConfiguration();
    cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build();
    cluster.waitActive();

    FileSystem fs = cluster.getFileSystem();
    Path p = new Path("/mydir");
    fs.mkdirs(p);
    bak = System.err;

    final FsShell fshell = new FsShell(conf);
    final ByteArrayOutputStream out = new ByteArrayOutputStream();
    System.setOut(new PrintStream(out));

    doSetXattr(out, fshell,
      new String[] {"-setfattr", "-n", "User.Foo", "/mydir"},
      new String[] {"-getfattr", "-d", "/mydir"},
      new String[] {"user.Foo"},
      new String[] {});

    doSetXattr(out, fshell,
      new String[] {"-setfattr", "-n", "user.FOO", "/mydir"},
      new String[] {"-getfattr", "-d", "/mydir"},
      new String[] {"user.Foo", "user.FOO"},
      new String[] {});

    doSetXattr(out, fshell,
      new String[] {"-setfattr", "-n", "USER.foo", "/mydir"},
      new String[] {"-getfattr", "-d", "/mydir"},
      new String[] {"user.Foo", "user.FOO", "user.foo"},
      new String[] {});

    doSetXattr(out, fshell,
      new String[] {"-setfattr", "-n", "USER.fOo", "-v", "myval", "/mydir"},
      new String[] {"-getfattr", "-d", "/mydir"},
      new String[] {"user.Foo", "user.FOO", "user.foo", "user.fOo=\"myval\""},
      new String[] {"user.Foo=", "user.FOO=", "user.foo="});

    doSetXattr(out, fshell,
      new String[] {"-setfattr", "-x", "useR.foo", "/mydir"},
      new String[] {"-getfattr", "-d", "/mydir"},
      new String[] {"user.Foo", "user.FOO"},
      new String[] {"foo"});

    doSetXattr(out, fshell,
      new String[] {"-setfattr", "-x", "USER.FOO", "/mydir"},
      new String[] {"-getfattr", "-d", "/mydir"},
      new String[] {"user.Foo"},
      new String[] {"FOO"});

    doSetXattr(out, fshell,
      new String[] {"-setfattr", "-x", "useR.Foo", "/mydir"},
      new String[] {"-getfattr", "-n", "User.Foo", "/mydir"},
      new String[] {},
      new String[] {"Foo"});

  } finally {
    if (bak != null) {
      System.setOut(bak);
    }
    if (cluster != null) {
      cluster.shutdown();
    }
  }
}
 
Example 20
Project: hadoop   File: TestFsck.java   View Source Code Vote up 4 votes
/** Test fsck with permission set on inodes */
@Test
public void testFsckPermission() throws Exception {
  final DFSTestUtil util = new DFSTestUtil.Builder().
      setName(getClass().getSimpleName()).setNumFiles(20).build();
  final Configuration conf = new HdfsConfiguration();
  conf.setLong(DFSConfigKeys.DFS_BLOCKREPORT_INTERVAL_MSEC_KEY, 10000L);

  MiniDFSCluster cluster = null;
  try {
    // Create a cluster with the current user, write some files
    cluster = new MiniDFSCluster.Builder(conf).numDataNodes(4).build();
    final MiniDFSCluster c2 = cluster;
    final String dir = "/dfsck";
    final Path dirpath = new Path(dir);
    final FileSystem fs = c2.getFileSystem();

    util.createFiles(fs, dir);
    util.waitReplication(fs, dir, (short) 3);
    fs.setPermission(dirpath, new FsPermission((short) 0700));

    // run DFSck as another user, should fail with permission issue
    UserGroupInformation fakeUGI = UserGroupInformation.createUserForTesting(
        "ProbablyNotARealUserName", new String[] { "ShangriLa" });
    fakeUGI.doAs(new PrivilegedExceptionAction<Object>() {
      @Override
      public Object run() throws Exception {
        System.out.println(runFsck(conf, -1, true, dir));
        return null;
      }
    });
    
    // set permission and try DFSck again as the fake user, should succeed
    fs.setPermission(dirpath, new FsPermission((short) 0777));
    fakeUGI.doAs(new PrivilegedExceptionAction<Object>() {
      @Override
      public Object run() throws Exception {
        final String outStr = runFsck(conf, 0, true, dir);
        System.out.println(outStr);
        assertTrue(outStr.contains(NamenodeFsck.HEALTHY_STATUS));
        return null;
      }
    });

    util.cleanup(fs, dir);
  } finally {
    if (cluster != null) { cluster.shutdown(); }
  }
}