Return-Path: X-Original-To: apmail-hadoop-mapreduce-user-archive@minotaur.apache.org Delivered-To: apmail-hadoop-mapreduce-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 56E2B17A52 for ; Wed, 3 Jun 2015 11:41:48 +0000 (UTC) Received: (qmail 26842 invoked by uid 500); 3 Jun 2015 11:41:41 -0000 Delivered-To: apmail-hadoop-mapreduce-user-archive@hadoop.apache.org Received: (qmail 26472 invoked by uid 500); 3 Jun 2015 11:41:41 -0000 Mailing-List: contact user-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@hadoop.apache.org Delivered-To: mailing list user@hadoop.apache.org Received: (qmail 25647 invoked by uid 99); 3 Jun 2015 11:41:41 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Jun 2015 11:41:41 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id B3F7A1A444B for ; Wed, 3 Jun 2015 11:41:40 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.879 X-Spam-Level: ** X-Spam-Status: No, score=2.879 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id coLIEx0cFpmn for ; Wed, 3 Jun 2015 11:41:39 +0000 (UTC) Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com [209.85.212.175]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 2AE4320C4B for ; Wed, 3 Jun 2015 11:41:39 +0000 (UTC) Received: by wifw1 with SMTP id w1so18423126wif.0 for ; Wed, 03 Jun 2015 04:40:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=OX3+qU7UzxUeR90Utqr++WbN07WZabS5A7M69VGeK6E=; b=t6NEJpxps3Os1sCWWD6Pu3ODirwjIQCSmbBGMCr+1qsaeBtZPk/pnqDhao8CZo1kAD y8oMKx/s4RlrgUahToA2V2qYeKyzUcZIt5cHs/I8tXFiOajzxyVZxToWOwej1WIEVahv i0vzVuMrkm4rIqZUg87GaaRijCe341mSilgAMdO9jW4q83ifjrtNLVIQexxhS8eSEaZT xqFtaBpKjrprhJCVGwTpSmtEuH7z8oYBwgDoOzlwpVDIjtLzgeLbbxH/Jg4v5WwXVqv1 YKXcIQFklaOvLNVVvZ6etOT3BSAret9v6huKNqIKf53EanFdSrHskY6NFR1uLHzzyMQz ZAgw== MIME-Version: 1.0 X-Received: by 10.194.59.112 with SMTP id y16mr58647045wjq.10.1433331653903; Wed, 03 Jun 2015 04:40:53 -0700 (PDT) Received: by 10.28.31.69 with HTTP; Wed, 3 Jun 2015 04:40:53 -0700 (PDT) Received: by 10.28.31.69 with HTTP; Wed, 3 Jun 2015 04:40:53 -0700 (PDT) In-Reply-To: References: Date: Wed, 3 Jun 2015 12:40:53 +0100 Message-ID: Subject: Re: HTTPFS without impersonation From: Wellington Chevreuil To: user@hadoop.apache.org Content-Type: multipart/alternative; boundary=047d7ba97cc4138b2905179b88f2 --047d7ba97cc4138b2905179b88f2 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, do u have below property on core-site.xml file used by your hdfs? hadoop.proxyuser.HTTP.hosts * hadoop.proxyuser.HTTP.groups * Hello all, We need to run several HTTPFS instances on our Hadoop cluster, with different users (basically, one HTTPFS per team). In our setup, each HTTPFS instance runs as a team user and is allowed write access to that user=E2=80=99s directory only (so, HTTPFS does not run as th= e httpfs user). However, this setup does not work, as we get exceptions related to impersonation, such as this one: {"RemoteException":{"message":"User: *team_user* is not allowed to impersonate *team_user* ","exception":"RemoteException","javaClassName":"org.apache.hadoop.ipc.Remo= teException"}} *So, it seems that HTTPFS unconditionally tries to impersonate a user, even though it=E2=80=99s running as that same user*. Is there a way to somehow d= isable impersonation? Thanks for your help. Regards, Nathaniel --047d7ba97cc4138b2905179b88f2 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi, do u have below property on core-site.xml file used by y= our hdfs?

<property>
=C2=A0=C2=A0=C2=A0 <name>hadoop.proxyuser.HTTP.hosts</name>
=C2=A0=C2=A0=C2=A0 <value>*</value>
=C2=A0 </property>
=C2=A0 <property>
=C2=A0=C2=A0=C2=A0 <name>hadoop.proxyuser.HTTP.groups</name> =C2=A0=C2=A0=C2=A0 <value>*</value>
=C2=A0 </property>

Hello all,

=C2=A0

We need to run several HTTPFS instances on our Hadoo= p cluster, with different users (basically, one HTTPFS per team).=

=C2=A0

In our setup, each HTTPFS instance runs as a team us= er and is allowed write access to that user=E2=80=99s directory only (so, H= TTPFS does not run as the httpfs user).

=C2=A0

However, this setup does not work, as we get excepti= ons related to impersonation, such as this one:

=C2=A0

{"RemoteEx= ception":{"message":"User: team_user is not allowed to impersonate team_user","= ;exception":"RemoteException","javaClassName":&quo= t;org.apache.hadoop.ipc.RemoteException"}}

=C2=A0

So, it seems that HTTPFS unconditionally tries to= impersonate a user, even though it=E2=80=99s running as that same user= . Is there a way to somehow disable impersonation?

=C2=A0

Thanks for your help.

=C2=A0

Regards,

Nathaniel

=C2=A0

--047d7ba97cc4138b2905179b88f2--