hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tsz Wo (Nicholas), SZE (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7214) Hadoop /usr/bin/groups equivalent
Date Thu, 14 Apr 2011 22:42:05 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13020073#comment-13020073
] 

Tsz Wo (Nicholas), SZE commented on HADOOP-7214:
------------------------------------------------

> ... Could you please elaborate? Is the point that you agree that users should be able
to determine their group membership, but we should use some other process that isn't the NN
to do it?

Yes, it makes sense to let user to determine their group membership.  In case of LDAP, clients
should talk to the LDAP server directly.  In case of shell, it may be better to run a separated
group server/process for the clients outside the domain.

NN is already a bottleneck of the system.  We don't want to overload it with other functionality.

I think we need some helps here.  Could any security expert comment on this?

> Hadoop /usr/bin/groups equivalent
> ---------------------------------
>
>                 Key: HADOOP-7214
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7214
>             Project: Hadoop Common
>          Issue Type: New Feature
>    Affects Versions: 0.23.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: hadoop-7214.0.txt, hadoop-7214.1.txt, hadoop-7214.2.txt, hadoop-7214.3.txt,
hadoop-7214.4.txt
>
>
> Since user -> groups resolution is done on the NN and JT machines, there should be
a way for users to determine what groups they're a member of from the NN's and JT's perspective.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message