Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 98F83200C24 for ; Thu, 23 Feb 2017 10:01:01 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 95E8D160B62; Thu, 23 Feb 2017 09:01:01 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id D940E160B50 for ; Thu, 23 Feb 2017 10:01:00 +0100 (CET) Received: (qmail 5405 invoked by uid 500); 23 Feb 2017 09:01:00 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 5392 invoked by uid 99); 23 Feb 2017 09:01:00 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Feb 2017 09:01:00 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 69C41C695C for ; Thu, 23 Feb 2017 09:00:59 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.799 X-Spam-Level: * X-Spam-Status: No, score=1.799 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id tUW5XO5NbRMX for ; Thu, 23 Feb 2017 09:00:58 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 4F19C60DA6 for ; Thu, 23 Feb 2017 09:00:58 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id C2363E092E for ; Thu, 23 Feb 2017 09:00:54 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 4DF3F24146 for ; Thu, 23 Feb 2017 09:00:54 +0000 (UTC) Date: Thu, 23 Feb 2017 09:00:54 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HADOOP-13817) Add a finite shell command timeout to ShellBasedUnixGroupsMapping MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 23 Feb 2017 09:01:01 -0000 [ https://issues.apache.org/jira/browse/HADOOP-13817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15880143#comment-15880143 ] ASF GitHub Bot commented on HADOOP-13817: ----------------------------------------- Github user jojochuang commented on a diff in the pull request: https://github.com/apache/hadoop/pull/161#discussion_r102665699 --- Diff: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ShellBasedUnixGroupsMapping.java --- @@ -133,8 +177,26 @@ protected ShellCommandExecutor createGroupIDExecutor(String userName) { groups = resolvePartialGroupNames(user, e.getMessage(), executor.getOutput()); } catch (PartialGroupNameException pge) { - LOG.warn("unable to return groups for user " + user, pge); - return new LinkedList<>(); + LOG.warn("unable to return groups for user {}", user, pge); + return EMPTY_GROUPS; + } + } catch (IOException ioe) { + // If its a shell executor timeout, indicate so in the message + // but treat the result as empty instead of throwing it up, + // similar to how partial resolution failures are handled above + if (executor.isTimedOut()) { + LOG.warn( + "Unable to return groups for user '{}' as shell group lookup " + + "command '{}' ran longer than the configured timeout limit of " + + "{} seconds.", + user, + Arrays.asList(executor.getExecString()), --- End diff -- I am +1 pending this and Jenkins precommit build. Somehow Jenkins is never run for your patches. > Add a finite shell command timeout to ShellBasedUnixGroupsMapping > ----------------------------------------------------------------- > > Key: HADOOP-13817 > URL: https://issues.apache.org/jira/browse/HADOOP-13817 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 2.6.0 > Reporter: Harsh J > Assignee: Harsh J > Priority: Minor > > The ShellBasedUnixGroupsMapping run various {{id}} commands via the ShellCommandExecutor modules without a timeout set (its set to 0, which implies infinite). > If this command hangs for a long time on the OS end due to an unresponsive groups backend or other reasons, it also blocks the handlers that use it on the NameNode (or other services that use this class). That inadvertently causes odd timeout troubles on the client end where its forced to retry (only to likely run into such hangs again with every attempt until at least one command returns). > It would be helpful to have a finite command timeout after which we may give up on the command and return the result equivalent of no groups found. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org