hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Lowe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12296) when setnetgrent returns 0 in linux, exception should be thrown
Date Tue, 04 Aug 2015 14:37:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14653732#comment-14653732
] 

Jason Lowe commented on HADOOP-12296:
-------------------------------------

bq. Is throwing an exception really the correct thing to do when a netgroup doesn't exist?
That seems particularly drastic.
Throwing an exception makes sense to me given the context in which this is used.  This code
is only called in one place, and here's what it does:
{code:title=JniBasedUnixGroupsNetgroupMapping.java}
  protected synchronized List<String> getUsersForNetgroup(String netgroup) {
    String[] users = null;
    try {
      // JNI code does not expect '@' at the begining of the group name
      users = getUsersForNetgroupJNI(netgroup.substring(1));
    } catch (Exception e) {
      if (LOG.isDebugEnabled()) {
        LOG.debug("Error getting users for netgroup " + netgroup, e);
      } else {
        LOG.info("Error getting users for netgroup " + netgroup + 
            ": " + e.getMessage());
      }
    }
    if (users != null && users.length != 0) {
      return Arrays.asList(users);
    }
    return new LinkedList<String>();
  }
{code}

As it is today, setnetgrent errors are silently ignored.  The C code behaves as if the netgroup
exists but is empty.  No error or warning is logged, so if someone accidentally specifies
a bogus netgroup in some ACL conf property (e.g.: who has access to this scheduler queue)
or if there's a problem performing the lookup on a particular netgroup then there will be
no diagnostic whatsoever.  That's not very helpful when someone is trying to figure out why
permissions aren't working properly.  If we start throwing an exception when setnetgrent fails
then we will still act as if the netgroup exists and is empty, but at least we'll log a message
indicating something went wrong with that netgroup lookup.

[~lichangleo] have you tested this change?

> when setnetgrent returns 0 in linux, exception should be thrown
> ---------------------------------------------------------------
>
>                 Key: HADOOP-12296
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12296
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Chang Li
>            Assignee: Chang Li
>         Attachments: HADOOP-12296.2.patch, HADOOP-12296.patch
>
>
> In linux, setnetgrent returns 0 in linux when something wrong is happen, such as out
of memory, unknown group, unavailable service, etc. So errorMessage should be set and exception
should be thrown



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message