hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7214) Hadoop /usr/bin/groups equivalent
Date Fri, 08 Apr 2011 02:19:05 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13017238#comment-13017238
] 

Aaron T. Myers commented on HADOOP-7214:
----------------------------------------

bq. Because that isn't true on every system that Hadoop may consume. I suspect that we actually
have a higher level vulnerability here if the method isn't protected either.

Can you provide an example of such a system? I can say with a high degree of confidence that
the authorization semantics of the current patch are the same as that for the vast majority
of the systems that Hadoop is currently deployed on.

My inclination is to implement it like this, and if a user of this hypothetical system which
you refer to wants it at some point in the future, we can make it a configuration option at
the NN. How does that sound?

> Hadoop /usr/bin/groups equivalent
> ---------------------------------
>
>                 Key: HADOOP-7214
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7214
>             Project: Hadoop Common
>          Issue Type: New Feature
>    Affects Versions: 0.23.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: hadoop-7214.0.txt, hadoop-7214.1.txt
>
>
> Since user -> groups resolution is done on the NN and JT machines, there should be
a way for users to determine what groups they're a member of from the NN's and JT's perspective.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message