hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colin Patrick McCabe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5471) CacheAdmin -listPools fails when user lacks permissions to view all pools
Date Tue, 12 Nov 2013 01:50:17 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13819729#comment-13819729
] 

Colin Patrick McCabe commented on HDFS-5471:
--------------------------------------------

thanks, this is a good cleanup.  How about creating {{InvalidRequestException}} instead of
{{InvalidDirectiveException}}?  The latter feels too specific to caching.  Also this would
mean we could use it for the cache pool add/modify/etc rather than just adddirective, etc.
 Sort of our equivalent to EINVAL.

> CacheAdmin -listPools fails when user lacks permissions to view all pools
> -------------------------------------------------------------------------
>
>                 Key: HDFS-5471
>                 URL: https://issues.apache.org/jira/browse/HDFS-5471
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: tools
>    Affects Versions: 3.0.0
>            Reporter: Stephen Chu
>            Assignee: Andrew Wang
>         Attachments: hdfs-5471-1.patch
>
>
> When a user does not have read permissions to a cache pool and executes "hdfs cacheadmin
-listPools" the command will error complaining about missing required fields with something
like:
> {code}
> [schu@hdfs-nfs ~]$ hdfs cacheadmin -listPools
> Exception in thread "main" org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.ipc.RemoteException):
Message missing required fields: ownerName, groupName, mode, weight
> 	at com.google.protobuf.AbstractMessage$Builder.newUninitializedMessageException(AbstractMessage.java:770)
> 	at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ListCachePoolsResponseElementProto$Builder.build(ClientNamenodeProtocolProtos.java:51722)
> 	at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.listCachePools(ClientNamenodeProtocolServerSideTranslatorPB.java:1200)
> 	at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> 	at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:605)
> 	at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:932)
> 	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2057)
> 	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2053)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:396)
> 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1515)
> 	at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2051)
> 	at org.apache.hadoop.hdfs.tools.CacheAdmin$ListCachePoolsCommand.run(CacheAdmin.java:675)
> 	at org.apache.hadoop.hdfs.tools.CacheAdmin.run(CacheAdmin.java:85)
> 	at org.apache.hadoop.hdfs.tools.CacheAdmin.main(CacheAdmin.java:90)
> [schu@hdfs-nfs ~]$ 
> {code}
> In this example, the pool "root" has 750 permissions, and the root superuser is able
to successfully -listPools:
> {code}
> [root@hdfs-nfs ~]# hdfs cacheadmin -listPools
> Found 4 results.
> NAME  OWNER  GROUP  MODE       WEIGHT 
> bar   root   root   rwxr-xr-x  100    
> foo   root   root   rwxr-xr-x  100    
> root  root   root   rwxr-x---  100    
> schu  root   root   rwxr-xr-x  100    
> [root@hdfs-nfs ~]# 
> {code}
> When we modify the root pool to mode 755, schu user can now -listPools successfully without
error.
> {code}
> [schu@hdfs-nfs ~]$ hdfs cacheadmin -listPools
> Found 4 results.
> NAME  OWNER  GROUP  MODE       WEIGHT 
> bar   root   root   rwxr-xr-x  100    
> foo   root   root   rwxr-xr-x  100    
> root  root   root   rwxr-xr-x  100    
> schu  root   root   rwxr-xr-x  100    
> [schu@hdfs-nfs ~]$ 
> {code}



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message