hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wei-Chiu Chuang <weic...@cloudera.com>
Subject Re: Where does Hadoop get username and group mapping from for linux shell username and group mapping?
Date Fri, 14 Oct 2016 18:54:59 GMT
If you want to drill down a bit, I recommend read this doc too: http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/GroupsMapping.html
<http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/GroupsMapping.html>
This is for trunk Hadoop 3.0, but most of it applies to 2.7/2.8

Wei-Chiu Chuang
A very happy Clouderan

> On Oct 14, 2016, at 11:33 AM, Ravi Prakash <ravihadoop@gmail.com> wrote:
> 
> Chen! 
> 
> It gets it from whatever is configured on the Namenode. https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping
<https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping>
> 
> HTH
> Ravi
> 
> On Thu, Oct 13, 2016 at 7:43 PM, chen dong <chendong.jy@gmail.com <mailto:chendong.jy@gmail.com>>
wrote:
> Hi, 
> 
> Currently I am working on a project to enhance the security for the Hadoop cluster. Eventually
I will use Kerberos and Sentry for authentication and authorisation. And the username and
group mapping will come from AD/LDAP (?), I think so. 
> 
> But now I am just learning and trying. I have a question and I haven’t figure it out
is
> 
> where the username/group mapping information come from? 
> 
> As far as I know there is no username and group name for Hadoop and username and group
name come from the client wherever from local client machine or Kerberos realm. But it is
a little bit vague for me and can I get the implementation details here? 
> 
> Is this information from the machine where HDFS client is located or from the linux shell
username and group on name node?  Or it depends on the context - even related to data node?
What if the data nodes and name nodes have different users or user-group mapping in the local
boxes. 
> 
> Regards,
> 
> Dong
> 
> 


Mime
View raw message