[
https://issues.apache.org/jira/browse/HADOOP-15213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dhirendra Khanka reopened HADOOP-15213:
---------------------------------------
> JniBasedUnixGroupsNetgroupMapping.java and
> ShellBasedUnixGroupsNetgroupMapping.java use netgroup.substring(1)
> --------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-15213
> URL: https://issues.apache.org/jira/browse/HADOOP-15213
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Environment: SUSE Linux Enterprise Server 11 (x86_64)
> VERSION = 11
> PATCHLEVEL = 3
> Reporter: Dhirendra Khanka
> Priority: Minor
>
>
> Part of the code below shown from below 2 classes
> org.apache.hadoop.security.JniBasedUnixGroupsNetgroupMapping.java
> {code:java}
> protected synchronized List<String> getUsersForNetgroup(String netgroup) {
> String[] users = null;
> try {
> // JNI code does not expect '@' at the begining of the group name
> users = getUsersForNetgroupJNI(netgroup.substring(1));
> } catch (Exception e) {
> if (LOG.isDebugEnabled()) {
> LOG.debug("Error getting users for netgroup " + netgroup, e);
> } else {
> LOG.info("Error getting users for netgroup " + netgroup +
> ": " + e.getMessage());
> }
> }
> if (users != null && users.length != 0) {
> return Arrays.asList(users);
> }
> return new LinkedList<String>();
> }{code}
> org.apache.hadoop.security.ShellBasedUnixGroupsNetgroupMapping.java
>
> {code:java}
> protected String execShellGetUserForNetgroup(final String netgroup)
> throws IOException {
> String result = "";
> try
> { // shell command does not expect '@' at the begining of the group name
> result = Shell.execCommand(
> Shell.getUsersForNetgroupCommand(netgroup.substring(1))); }
> catch (ExitCodeException e)
> { // if we didn't get the group - just return empty list; LOG.warn("error
> getting users for netgroup " + netgroup, e); }
> return result;
> }
> {code}
> The comments from the code above expect the input to contain '@' , however
> when executing the shell directly the output has the below form which does
> not contain any ampersand symbol.
> {code:java}
> :~> getent netgroup mynetgroup1
> mynetgroup1 ( , a3xsds, ) ( , beekvkl, ) ( , redcuan, ) ( ,
> uedfmst, ){code}
>
> I have created a test code and removed the substring function and then ran it
> on the cluster using hadoop jar. The code returned netgroups correctly after
> the modification. I have limited knowledge on netgroup. The issue was
> discovered when
> hadoop.security.group.mapping =
> *org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback* was added
> to core-site.xml and it failed to apply netgroup access.
>
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
