hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7214) Hadoop /usr/bin/groups equivalent
Date Thu, 14 Apr 2011 22:20:05 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13020062#comment-13020062
] 

Aaron T. Myers commented on HADOOP-7214:
----------------------------------------

bq. In ShellBasedUnixGroupsMapping, is it valid to assume that they are in the same group
administrative domain?

Not necessarily, but as I've mentioned previously, Hadoop already exposes this information,
just not easily. Allen pointed out that it's available as part of the job conf. I also described
a way a user could deduce what groups they belong to by repeatedly calling {{chgrp}}.

My point is just that Hadoop isn't hiding this information as it stands. Hadoop makes decisions
based on the groups a user belongs to, so we should make it easy for our users to find out
what groups Hadoop thinks they belong to.

bq. How about introduce a separated group proxy server for the clients outside the domain?

I don't fully understand the suggestion. Could you please elaborate? Is the point that you
agree that users should be able to determine their group membership, but we should use some
other process that isn't the NN to do it?

bq. It seems not right to use NN as a proxy service for group resolution.

I disagree. When a user interacts with HDFS, the only thing that matters with respect to groups
is what groups the NN thinks they belong to. Thus, it seems perfectly natural to me to provide
a way to ask the NN "what groups do you think I belong to?" Without this, it is very difficult
for a user to deduce why they were denied access to a particular file/directory.

> Hadoop /usr/bin/groups equivalent
> ---------------------------------
>
>                 Key: HADOOP-7214
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7214
>             Project: Hadoop Common
>          Issue Type: New Feature
>    Affects Versions: 0.23.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: hadoop-7214.0.txt, hadoop-7214.1.txt, hadoop-7214.2.txt, hadoop-7214.3.txt,
hadoop-7214.4.txt
>
>
> Since user -> groups resolution is done on the NN and JT machines, there should be
a way for users to determine what groups they're a member of from the NN's and JT's perspective.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message