hadoop-hdfs-issues mailing list archives

From "Yongjun Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7146) NFS ID/Group lookup requires SSSD enumeration on the server
Date Mon, 06 Oct 2014 21:10:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14160952#comment-14160952 ]

Yongjun Zhang commented on HDFS-7146:
-------------------------------------

Thanks [~aw].

It seems the requirement on user names varies. For example, I can add a user with a numerical username
on my system:

[yzhang@localhost hadoop]$ su adduser 23456
su: user adduser does not exist
[yzhang@localhost hadoop]$ sudo adduser 23456
[sudo] password for yzhang: 
[yzhang@localhost hadoop]$ getent passwd | grep 23456
23456:x:504:505::/home/23456:/bin/bash
[yzhang@localhost hadoop]$ 

We had cases where numerical user names are used often. See HDFS-4983.

I wish there were a portable command like "id" to address this issue better. Otherwise, we might
do the following:

1. do an incremental update to the map
2. do a full load of passwd or group when the name is numerical

I will do some more study, comments are welcome.

Thanks.



> NFS ID/Group lookup requires SSSD enumeration on the server
> -----------------------------------------------------------
>
>                 Key: HDFS-7146
>                 URL: https://issues.apache.org/jira/browse/HDFS-7146
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: nfs
>    Affects Versions: 2.6.0
>            Reporter: Yongjun Zhang
>            Assignee: Yongjun Zhang
>         Attachments: HDFS-7146.001.patch, HDFS-7146.002.allIncremental.patch, HDFS-7146.003.patch
>
>
> The current implementation of the NFS UID and GID lookup works by running 'getent passwd'
> with an assumption that it will return the entire list of users available on the OS, local
> and remote (AD/etc.).
> This behaviour of the command is advised to be and is prevented by administrators in
> most secure setups to avoid excessive load to the ADs involved, as the # of users to be listed
> may be too large, and the repeated requests of ALL users not present in the cache would be
> too much for the AD infrastructure to bear.
> The NFS server should likely do lookups based on a specific UID request, via 'getent
> passwd <UID>', if the UID does not match a cached value. This reduces load on the LDAP
> backed infrastructure.
> Thanks [~qwertymaniac] for reporting the issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
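
The fallback proposed in the comment above (incremental lookups, with a full load only for all-digit names), sketched in Python as an added example that is not part of the original message or of the HDFS-7146 patches. `FakeGetent`, `IdMap` and the sample entries are hypothetical; the stand-in assumes that a keyed `getent passwd <key>` lookup treats an all-digit key as a UID.

```python
# Constructed sample in passwd format; the 23456 entry is the one from the message.
SAMPLE = """root:x:0:0:root:/root:/bin/bash
yzhang:x:500:500::/home/yzhang:/bin/bash
23456:x:504:505::/home/23456:/bin/bash
"""

def parse_passwd(text):
    """Yield (name, uid) per well-formed passwd line; skip malformed ones."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[0] and fields[2].isdigit():
            yield fields[0], int(fields[2])

class FakeGetent:
    """Hypothetical stand-in for `getent passwd`, counting calls by kind."""
    def __init__(self, text):
        self.entries, self.single, self.full = list(parse_passwd(text)), 0, 0

    def lookup(self, key):
        self.single += 1
        if key.isdigit():  # assumption: all-digit key is matched against uid only
            return [e for e in self.entries if e[1] == int(key)]
        return [e for e in self.entries if e[0] == key]

    def enumerate(self):
        self.full += 1  # the expensive call the issue wants to avoid
        return list(self.entries)

class IdMap:
    """uid<->name cache: incremental by default, full load for numeric names."""
    def __init__(self, source):
        self.source, self.by_uid, self.by_name = source, {}, {}

    def _load(self, entries):
        for name, uid in entries:
            self.by_uid[uid], self.by_name[name] = name, uid

    def name_for_uid(self, uid):
        if uid not in self.by_uid:
            self._load(self.source.lookup(str(uid)))
        return self.by_uid.get(uid)

    def uid_for_name(self, name):
        if name not in self.by_name:
            if name.isdigit():  # a keyed lookup would be read as a uid
                self._load(self.source.enumerate())
            else:
                self._load(self.source.lookup(name))
        return self.by_name.get(name)
```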
