hadoop-common-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7214) Hadoop /usr/bin/groups equivalent
Date Thu, 07 Apr 2011 14:58:06 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13016860#comment-13016860 ]

Daryn Sharp commented on HADOOP-7214:

> ...except Hadoop is told what groups a user belongs to by an external source. Why shouldn't
> it be the responsibility of the external source to share this information? We're the consumer,
> not the provider when it comes to naming services.

Leaving it up to the client to implement groups creates a non-portable and brittle/maintenance-prone
solution.  Ex. must know the source(s) of authority, how to interact with the authorities,
dealing with possible ACL issues, knowing any additional constraints, keeping pace with changes
to the environment, etc.

I found the following insightful comment in the security code.

A user-to-groups mapping service.
{@link Groups} allows for server to get the various group memberships
of a given user via the {@link #getGroups(String)} call, thus ensuring
a consistent user-to-groups mapping and protects against vagaries of
different mappings on servers and clients in a Hadoop cluster.

> Hadoop /usr/bin/groups equivalent
> ---------------------------------
>                 Key: HADOOP-7214
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7214
>             Project: Hadoop Common
>          Issue Type: New Feature
>    Affects Versions: 0.23.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: hadoop-7214.0.txt, hadoop-7214.1.txt
> Since user -> groups resolution is done on the NN and JT machines, there should be
> a way for users to determine what groups they're a member of from the NN's and JT's perspective.
