hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sanjay Radia (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7214) Hadoop /usr/bin/groups equivalent
Date Fri, 15 Apr 2011 00:38:05 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13020131#comment-13020131
] 

Sanjay Radia commented on HADOOP-7214:
--------------------------------------

The main concern I have here is that Hadoop permissions and security was very explicitly designed
to NOT manage
user accounts or group accounts. Hadoop uses the accounts (user and group) from the environment
in which Hadoop 
is deployed. This has many advantages for deploying and using Hadoop. 
When the authentication system returns a particular user name after authentication it assumes
that the name is a valid user. Groups membership for a user are determined  via a plug in.
Given that Hadoop does not manage user accounts or group accounts it is very strange that
the NN and JT have a
method that return group membership. Such a method does not seem to belong in the NN's or
JT's interface.
It seems that one needs a library that uses the same plugin that the NN or JT uses. The command
can call this 
library. Allen's point is correct that one has to correctly configure all Hadoop components
to pull the 
membership from the same source.

> Hadoop /usr/bin/groups equivalent
> ---------------------------------
>
>                 Key: HADOOP-7214
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7214
>             Project: Hadoop Common
>          Issue Type: New Feature
>    Affects Versions: 0.23.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: hadoop-7214.0.txt, hadoop-7214.1.txt, hadoop-7214.2.txt, hadoop-7214.3.txt,
hadoop-7214.4.txt
>
>
> Since user -> groups resolution is done on the NN and JT machines, there should be
a way for users to determine what groups they're a member of from the NN's and JT's perspective.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message