Return-Path: 
 <hdfs-dev-return-6885-apmail-hadoop-hdfs-dev-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-hdfs-dev-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-hdfs-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id DF5499DE5
	for <apmail-hadoop-hdfs-dev-archive@minotaur.apache.org>;
 Mon, 11 Jun 2012 23:21:02 +0000 (UTC)
Received: (qmail 29224 invoked by uid 500); 11 Jun 2012 23:21:02 -0000
Delivered-To: apmail-hadoop-hdfs-dev-archive@hadoop.apache.org
Received: (qmail 29165 invoked by uid 500); 11 Jun 2012 23:21:02 -0000
Mailing-List: contact hdfs-dev-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:hdfs-dev-help@hadoop.apache.org>
List-Unsubscribe: <mailto:hdfs-dev-unsubscribe@hadoop.apache.org>
List-Post: <mailto:hdfs-dev@hadoop.apache.org>
List-Id: <hdfs-dev.hadoop.apache.org>
Reply-To: hdfs-dev@hadoop.apache.org
Delivered-To: mailing list hdfs-dev@hadoop.apache.org
Received: (qmail 29142 invoked by uid 99); 11 Jun 2012 23:21:02 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jun 2012 23:21:02 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of rarecactus@gmail.com designates
 74.125.82.176 as permitted sender)
Received: from [74.125.82.176] (HELO mail-we0-f176.google.com) (74.125.82.176)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Jun 2012 23:20:56 +0000
Received: by weyr3 with SMTP id r3so3152615wey.35
        for <hdfs-dev@hadoop.apache.org>;
 Mon, 11 Jun 2012 16:20:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:content-type
         :content-transfer-encoding;
        bh=JXVhLMz998VqEj8f9iZEy0qjrwvqHVowdhJaaqrYQYw=;
        b=Tv2nlmlioEhwFv1PBuE9Q3ADNGhscqcOAP191UWY30ayr0PnGq3banl7DGiK4QFqmL
         kkj1Bn54DD3TDywRAKgUufsltFPRHSBWCL66EtKrwr9ZeIq0HDLuyLIaJzVdJDOgjoNz
         UfsTsNg2bfr+Mg+KU/MlSWsEGek0JP7dXCS6L+u+7+Hhyk9uZsR6KoW8rbzdgk9hdJOZ
         eiSgQd4e04B5zKJK8e0yvfwU+KtIBwWKOC+2swjTnGRTn0WoP2I2GdyCCzd3dtnilJgE
         8tTjUTMWFYjkflt5ptpS4KiXHMvngrmnGdxyvsRxEsVgTvy+HQ0R6E95c2OX+L0iI29x
         fdvQ==
MIME-Version: 1.0
Received: by 10.180.99.195 with SMTP id es3mr24330352wib.12.1339456835807;
 Mon, 11 Jun 2012 16:20:35 -0700 (PDT)
Sender: rarecactus@gmail.com
Received: by 10.223.156.140 with HTTP; Mon, 11 Jun 2012 16:20:35 -0700 (PDT)
In-Reply-To: 
 <CAJs-t7MMsjsP=sA+a-7bQLvD05OiSqj4ic1L3AYSZP7zyHGoQw@mail.gmail.com>
References: 
 <CA+qbEUOzDJEzCnrW2fU2uPLm__a-_xqCJzEqLcQjCbQ6GXWi3w@mail.gmail.com>
	<CAJs-t7MMsjsP=sA+a-7bQLvD05OiSqj4ic1L3AYSZP7zyHGoQw@mail.gmail.com>
Date: Mon, 11 Jun 2012 16:20:35 -0700
X-Google-Sender-Auth: Cfpibbg6ewvOObt8lCIozwjQtMc
Message-ID: 
 <CA+qbEUOjuca2ZMv9ohTiwJLhgqNTOOu10EG4--qMdPR-3O2i7g@mail.gmail.com>
Subject: Re: validating user IDs
From: Colin McCabe <cmccabe@alumni.cmu.edu>
To: hdfs-dev@hadoop.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Sure.  We could also find the current user ID and bake that into the
test as an "acceptable" UID.  If that makes sense.

Colin


On Mon, Jun 11, 2012 at 4:12 PM, Alejandro Abdelnur <tucu@cloudera.com> wro=
te:
> Colin,
>
> Would be possible using some kind of cmake config magic to set a macro to
> the current OS limit? Even if this means detecting the OS version and
> assuming its default limit.
>
> thx
>
> On Mon, Jun 11, 2012 at 3:57 PM, Colin McCabe <cmccabe@alumni.cmu.edu>wro=
te:
>
>> Hi all,
>>
>> I recently pulled the latest source, and ran a full build. =A0The
>> command line was this:
>> mvn compile -Pnative
>>
>> I was confronted with this:
>>
>> [INFO] Requested user cmccabe has id 500, which is below the minimum
>> allowed 1000
>> [INFO] FAIL: test-container-executor
>> [INFO] =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
>> [INFO] 1 of 1 test failed
>> [INFO] Please report to mapreduce-dev@hadoop.apache.org
>> [INFO] =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
>> [INFO] make[1]: *** [check-TESTS] Error 1
>> [INFO] make[1]: Leaving directory
>>
>> `/home/cmccabe/hadoop4/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-=
server/hadoop-yarn-server-nodemanager/target/native/container-executor'
>>
>> Needless to say, it didn't do much to improve my mood. =A0I was even
>> less happy when I discovered that -DskipTests has no effect on native
>> tests (they always run.) =A0See HADOOP-8480.
>>
>> Unfortunately, it seems like this problem is popping up more and more
>> in our native code. =A0It first appeared in test-task-controller (see
>> MAPREDUCE-2376) and then later in test-container-executor
>> (HADOOP-8499). =A0The basic problem seems to be the hardcoded assumption
>> that all user IDs below 1000 are system IDs.
>>
>> It is true that there are configuration files that can be changed to
>> alter the minimum user ID, but unfortunately these configuration files
>> are not used by the unit tests. =A0So anyone developing on a platform
>> where the user IDs start at 500 is now a second-class citizen, unable
>> to run unit tests. =A0This includes anyone running Red Hat, MacOS,
>> Fedora, etc.
>>
>> Personally, I can change my user ID. =A0It's a time-consuming process,
>> because I need to re-uid all files, but I can do it. =A0This luxury may
>> not be available to everyone, though-- developers who don't have root
>> on their machines, or are using a pre-assigned user ID to connect to
>> NFS come to mind.
>>
>> It's true that we could hack around this with environment variables.
>> It might even be possible to have Maven set these environment
>> variables automatically from the current user ID. =A0However, the larger
>> question I have here is whether this UID validation scheme even makes
>> any sense. =A0I have a user named "nobody" whose user ID is 65534.
>> Surely I should not be able to run map-reduce jobs as this user? =A0Yet,
>> under the current system, I can do exactly that. =A0The root of the
>> problem seems to be that there is both a default minimum and a default
>> maximum for "automatic" user IDs. =A0This configuration seems to be
>> stored in /etc/login.defs.
>>
>> On my system, it has:
>> SYSTEM_UID_MIN =A0 =A0 =A0 =A0 =A0 =A0100
>> SYSTEM_UID_MAX =A0 =A0 =A0 =A0 =A0 =A0499
>> UID_MIN =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0500
>> UID_MAX =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 60000
>>
>> So that means that anything over 60000 (like nobody) is not considered
>> a valid user ID for regular users.
>> We could potentially read this file (at least on Linux) and get more
>> sensible defaults.
>>
>> I am also curious if we could simply check whether the user we're
>> trying to run the job as has a valid login shell. =A0System users are
>> almost always set to have a login shell of /bin/false or
>> /sbin/nologin.
>>
>> Thoughts?
>> Colin
>>
>
>
>
> --
> Alejandro