ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-827) Use system supplied mechanism to get users and groups on unix
Date Tue, 26 Jan 2016 21:38:39 GMT

     [ https://issues.apache.org/jira/browse/RANGER-827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Bolke de Bruin updated RANGER-827:
----------------------------------
    Attachment: usersync.patch

This patch add support for using "getent" and is implemented equivalent to the NFS mapping
support in hadoop and removes the less than ideal reliance on "/etc/passwd" and "/etc/group"

it adds "ranger.usersync.unix.update_millis_min" which defaults to 1 minute.

Next to that it ass support for adding "missing" users that are available in "getent groups",
but do not get returned in "getent passwd" due to performance restrictions. This is activated
by setting

ranger.usersync.group.idmapenabled to True


> Use system supplied mechanism to get users and groups on unix
> -------------------------------------------------------------
>
>                 Key: RANGER-827
>                 URL: https://issues.apache.org/jira/browse/RANGER-827
>             Project: Ranger
>          Issue Type: Improvement
>          Components: usersync
>            Reporter: Bolke de Bruin
>         Attachments: usersync.patch
>
>
> The unix user sync currently reads /etc/passwd /etc/groups . This is often not a reflection
of users and groups available on a system especially when nsswitch is configured (eg. sssd,
ldap etc).
> Secondly in some cases groups will contain user names that are not returned with "getent
passwd", especially "external users" and is is required to add these using the group information.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message