Return-Path: X-Original-To: apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0BEC0908A for ; Fri, 3 Feb 2012 17:56:16 +0000 (UTC) Received: (qmail 42430 invoked by uid 500); 3 Feb 2012 17:56:15 -0000 Delivered-To: apmail-hadoop-mapreduce-issues-archive@hadoop.apache.org Received: (qmail 42363 invoked by uid 500); 3 Feb 2012 17:56:15 -0000 Mailing-List: contact mapreduce-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: mapreduce-issues@hadoop.apache.org Delivered-To: mailing list mapreduce-issues@hadoop.apache.org Received: (qmail 42353 invoked by uid 99); 3 Feb 2012 17:56:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Feb 2012 17:56:15 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED,T_RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Feb 2012 17:56:13 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id D00F618B3D6 for ; Fri, 3 Feb 2012 17:55:53 +0000 (UTC) Date: Fri, 3 Feb 2012 17:55:53 +0000 (UTC) From: "Hadoop QA (Commented) (JIRA)" To: mapreduce-issues@hadoop.apache.org Message-ID: <913436337.8339.1328291753853.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <1478354833.36212.1321477311908.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (MAPREDUCE-3417) job access controls not working app master and job history UI's MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/MAPREDUCE-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13199909#comment-13199909 ] Hadoop QA commented on MAPREDUCE-3417: -------------------------------------- +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12513146/MAPREDUCE-3417.patch against trunk revision . +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 3 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 eclipse:eclipse. The patch built with eclipse:eclipse. +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed unit tests in . +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1763//testReport/ Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1763//console This message is automatically generated. > job access controls not working app master and job history UI's > --------------------------------------------------------------- > > Key: MAPREDUCE-3417 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-3417 > Project: Hadoop Map/Reduce > Issue Type: Bug > Components: mrv2 > Affects Versions: 0.23.0 > Reporter: Thomas Graves > Assignee: Jonathan Eagles > Priority: Blocker > Attachments: MAPREDUCE-3417.patch, MAPREDUCE-3417.patch, MAPREDUCE-3417.patch, MAPREDUCE-3417.patch, MAPREDUCE-3417.patch, MAPREDUCE-3417.patch > > > tested with security on, no filters defined for httpserver, job acls set so that only I could view/modify the job. Then went to the web ui to app master and job history server and both allowed me to view the job details. The webui shows the user "webuser". The RM properly rejected my request although it was using user "Dr.Who". > The exception shown in the log is: > 11/11/16 18:58:53 INFO mapred.JobACLsManager: job checkAccess user is: webuser > 11/11/16 18:58:53 WARN security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user webuser > org.apache.hadoop.util.Shell$ExitCodeException: id: webuser: No such user > at org.apache.hadoop.util.Shell.runCommand(Shell.java:261) > at org.apache.hadoop.util.Shell.run(Shell.java:188) > at org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:381) > at org.apache.hadoop.util.Shell.execCommand(Shell.java:467) > at org.apache.hadoop.util.Shell.execCommand(Shell.java:450) > at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:86) > at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:55) > at org.apache.hadoop.security.Groups.getGroups(Groups.java:88) > at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1043) > at org.apache.hadoop.security.authorize.AccessControlList.isUserAllowed(AccessControlList.java:221) > at org.apache.hadoop.mapred.JobACLsManager.checkAccess(JobACLsManager.java:103) > at org.apache.hadoop.mapreduce.v2.hs.CompletedJob.checkAccess(CompletedJob.java:325) > at org.apache.hadoop.mapreduce.v2.app.webapp.AppController.checkAccess(AppController.java:292) > at org.apache.hadoop.mapreduce.v2.app.webapp.AppController.requireJob(AppController.java:313) > at org.apache.hadoop.mapreduce.v2.app.webapp.AppController.job(AppController.java:97) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira