hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10851) NetgroupCache does not remove group memberships
Date Wed, 16 Jul 2014 19:24:07 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10851?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Benoy Antony updated HADOOP-10851:
----------------------------------

    Attachment:     (was: HADOOP-10852.patch)

> NetgroupCache does not remove group memberships
> -----------------------------------------------
>
>                 Key: HADOOP-10851
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10851
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.1
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: HADOOP-10851.patch
>
>
> _NetgroupCache_ is used by _GroupMappingServiceProvider_ implementations based on net
groups.
> But it has a serious flaw in that once a user to group membership is established, it
remains forever even if user is actually removed from the netgroup and cache is cleared. 
It is cleared only if the server is restarted.
> To reproduce this: 
> * Cache a group with a set of users.
> * Test membership correctness.
> * Clear cache, remove a user from the group and cache the group again
> * Expected result : user’s groups should not include the group from which he/she is
removed. 
> * Actual result : user’s groups includes the group from which he/she was removed.
> It is also noted that _NetgroupCache_ has concurrency issues and a separate jira is filed
to rectify them.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message