hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7214) Hadoop /usr/bin/groups equivalent
Date Sat, 09 Apr 2011 03:44:05 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13017799#comment-13017799
] 

Allen Wittenauer commented on HADOOP-7214:
------------------------------------------

bq. Can you provide an example of such a system? I can say with a high degree of confidence
that the authorization semantics of the current patch are the same as that for the vast majority
of the systems that Hadoop is currently deployed on.

In particular, I'm thinking of MS PACs, which I don't think are exposed in the same way UNIX
groups are. I can easily see someone implementing a user-to-group plug-in to use them, given
the staggering amount of Active Directory deployments.

bq. My inclination is to implement it like this, and if a user of this hypothetical system
which you refer to wants it at some point in the future, we can make it a configuration option
at the NN. How does that sound?

I think we likely have an API issue.  When that gets fixed, this should fall in line with
it.  I'm going to have an off-JIRA discussion with some security folks to see if this is truly
something to worry about.


> Hadoop /usr/bin/groups equivalent
> ---------------------------------
>
>                 Key: HADOOP-7214
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7214
>             Project: Hadoop Common
>          Issue Type: New Feature
>    Affects Versions: 0.23.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: hadoop-7214.0.txt, hadoop-7214.1.txt, hadoop-7214.2.txt, hadoop-7214.3.txt,
hadoop-7214.4.txt
>
>
> Since user -> groups resolution is done on the NN and JT machines, there should be
a way for users to determine what groups they're a member of from the NN's and JT's perspective.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message