Benoy Antony created HADOOP-10851:
-------------------------------------
Summary: NetgroupCache does not remove group memberships
Key: HADOOP-10851
URL: https://issues.apache.org/jira/browse/HADOOP-10851
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.4.1
Reporter: Benoy Antony
Assignee: Benoy Antony
_NetgroupCache_ is used by _GroupMappingServiceProvider_ implementations based
on net groups.
But it has a serious flaw in that once a user to group membership is
established, it remains forever even if user is actually removed from the
netgroup and cache is cleared. It is cleared only if the server is restarted.
To reproduce this:
* Cache a group with a set of users.
* Test membership correctness.
* Clear cache, remove a user from the group and cache the group again
* Expected result : user’s groups should not include the group from which
he/she is removed.
* Actual result : user’s groups includes the group from which he/she was
removed.
It is also noted that _NetgroupCache_ has concurrency issues and a separate
jira is filed to rectify them.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
