hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Junping Du (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-6792) Allow user's full principal name as owner of MapReduce staging directory in JobSubmissionFiles#JobStagingDir()
Date Thu, 20 Oct 2016 14:07:58 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-6792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15591907#comment-15591907
] 

Junping Du commented on MAPREDUCE-6792:
---------------------------------------

Thanks [~snayak] for addressing my comments above. The reason for comparing full principal
name in case insensitive way make sense to me. After adding unit test and get rid of duplicated
warn messages, the latest patch (03) LGTM. 
+1. Will commit it shortly.

> Allow user's full principal name as owner of MapReduce staging directory in JobSubmissionFiles#JobStagingDir()
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-6792
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-6792
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>          Components: client
>            Reporter: Santhosh G Nayak
>            Assignee: Santhosh G Nayak
>         Attachments: MAPREDUCE-6792.1.patch, MAPREDUCE-6792.2.patch, MAPREDUCE-6792.3.patch
>
>
> Background - 
> Currently, {{JobSubmissionFiles#JobStagingDir()}} assumes that file owner returned as
part of {{FileSystem#getFileStatus()}} is always user's short principal name, which is true
for HDFS. But, some file systems which are HDFS compatible like [Azure Data Lake Store (ADLS)
|https://azure.microsoft.com/en-in/services/data-lake-store/] and work in multi tenant environment
can have users with same names belonging to different domains. For example, {{user1@company1.com}}
and {{user1@company2.com}}. It will be ambiguous, if {{FileSystem#getFileStatus()}} returns
only the user's short principal name (without domain name) as the owner of the file/directory.

> The following code block allows only short user principal name as owner. It simply fails
saying that ownership on the staging directory is not as expected, if owner returned by the
{{FileStatus#getOwner()}} is not equal to short principal name of the current user.
> {code}
>     String realUser;
>     String currentUser;
>     UserGroupInformation ugi = UserGroupInformation.getLoginUser();
>     realUser = ugi.getShortUserName();
>     currentUser = UserGroupInformation.getCurrentUser().getShortUserName();
>     if (fs.exists(stagingArea)) {
>       FileStatus fsStatus = fs.getFileStatus(stagingArea);
>       String owner = fsStatus.getOwner();
>       if (!(owner.equals(currentUser) || owner.equals(realUser))) {
>          throw new IOException("The ownership on the staging directory " +
>                       stagingArea + " is not as expected. " +
>                       "It is owned by " + owner + ". The directory must " +
>                       "be owned by the submitter " + currentUser + " or " +
>                       "by " + realUser);
>       }
> 	  {code}
> The proposal is to remove the strict restriction on short principal name by allowing
the user's full principal name as owner of staging area directory in {{JobSubmissionFiles#JobStagingDir()}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: mapreduce-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: mapreduce-issues-help@hadoop.apache.org


Mime
View raw message