hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12830) Bash environment for quick command operations
Date Mon, 22 Feb 2016 18:49:18 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15157464#comment-15157464
] 

Allen Wittenauer commented on HADOOP-12830:
-------------------------------------------

bq. A malicious root user can attack more directly with "su <hdfs super user> -c". I
think the attack from root is unavoidable.

Not necessarily.  If Kerberos is enabled, keys are being stored locked in memory, etc, then
su isn't guaranteed to work.

The more I think about this patch, the more I think making it a separate executable shell
script is making it harder.  If this is merged into the main hadoop script, then not only
is access to the functions easier, common env vars guaranteed, etc, but there's no question
about which hadoop was used to trigger.  

Also, rather than using flock, why not just use the pid file with status support?  Sure, it's
not as rock solid as flock, but it is also much more portable, especially if you un-GNU the
mkfifo command and actually use a POSIX command line.  This should make this function work
pretty much everywhere.

> Bash environment for quick command operations
> ---------------------------------------------
>
>                 Key: HADOOP-12830
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12830
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: bin
>            Reporter: Kazuho Fujii
>            Assignee: Kazuho Fujii
>         Attachments: HADOOP-12830.001.patch
>
>
> Hadoop file system shell commands are slow. This issue is about building a shell environment
for quick command operations.
> Previously an interactive shell is tried to build in HADOOP-6541. But, it seems to be
poor because users are used to powerful shells like bash. This issue is not about creating
a new shell, but just opening a new bash process. Therefore, user can operate commands as
before.
> {code}
> fjk@x240:~/hadoop-2.7.2$ ./bin/hadoop shell
> fjk@x240 hadoop> hadoop fs -ls /
> Found 2 items
> -rw-r--r--   3 fjk supergroup          0 2016-02-21 00:26 /file1
> -rw-r--r--   3 fjk supergroup          0 2016-02-21 00:26 /file2
> {code}
> The shell has a mini daemon process that is living until the shell is closed. The hadoop
fs command delegates the operation to the daemon. They communicate with named pipes. The daemon
conducts the operation and returns the result to the command.
> In this shell the hadoop fs commands operation becomes quick. In a local environment,
"hadoop fs -ls" command is about 100 times faster than the normal command.
> {code}
> fjk@x240 hadoop> time hadoop fs -ls hdfs://localhost:8020/ > /dev/null
> real	0m0.021s
> user	0m0.003s
> sys	0m0.011s
> {code}
> Using bash's function, commands and file names are automatically completed.
> {code}
> fjk@x240 hadoop> hadoop fs -ch<TAB><TAB>
> -checksum  -chgrp     -chmod     -chown
> fjk@x240 hadoop> hadoop fs -ls /file<TAB><TAB>
> /file1  /file2  /file3
> {code}
> Additionally, we can make equivalents with bash build-in commands, e.g., cd, umask. In
this shell, they can work because the daemon remembers the state.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message