[
https://issues.apache.org/jira/browse/HADOOP-13817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15871062#comment-15871062
]
ASF GitHub Bot commented on HADOOP-13817:
-----------------------------------------
Github user QwertyManiac commented on a diff in the pull request:
https://github.com/apache/hadoop/pull/161#discussion_r101673820
--- Diff:
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ShellBasedUnixGroupsMapping.java
---
@@ -225,8 +287,16 @@ protected ShellCommandExecutor
createGroupIDExecutor(String userName) {
throw new PartialGroupNameException("failed to get group id list
for " +
"user '" + userName + "'", ece);
} catch (IOException ioe) {
- throw new PartialGroupNameException("can't execute the shell
command to"
- + " get the list of group id for user '" + userName + "'", ioe);
+ String message =
+ "Can't execute the shell command to " +
+ "get the list of group id for user '" + userName + "'";
+ if (exec2.isTimedOut()) {
+ message +=
+ " because of the command taking longer than " +
+ "the configured timeout: " + timeout + " seconds";
+ throw new PartialGroupNameException(message);
--- End diff --
Thanks, addressed in new commit. I just felt the timeout exception may look
weird, but I've dropped the line so we can be consistent in exposing the
exception at all times.
> Add a finite shell command timeout to ShellBasedUnixGroupsMapping
> -----------------------------------------------------------------
>
> Key: HADOOP-13817
> URL: https://issues.apache.org/jira/browse/HADOOP-13817
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.6.0
> Reporter: Harsh J
> Assignee: Harsh J
> Priority: Minor
>
> The ShellBasedUnixGroupsMapping run various {{id}} commands via the
> ShellCommandExecutor modules without a timeout set (its set to 0, which
> implies infinite).
> If this command hangs for a long time on the OS end due to an unresponsive
> groups backend or other reasons, it also blocks the handlers that use it on
> the NameNode (or other services that use this class). That inadvertently
> causes odd timeout troubles on the client end where its forced to retry (only
> to likely run into such hangs again with every attempt until at least one
> command returns).
> It would be helpful to have a finite command timeout after which we may give
> up on the command and return the result equivalent of no groups found.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
