[jira] [Commented] (HADOOP-12296) when setnetgrent returns 0 in linux, exception should be thrown

Tue, 04 Aug 2015 07:37:30 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14653732#comment-14653732
 ] 

Jason Lowe commented on HADOOP-12296:
-------------------------------------

bq. Is throwing an exception really the correct thing to do when a netgroup 
doesn't exist? That seems particularly drastic.
Throwing an exception makes sense to me given the context in which this is 
used.  This code is only called in one place, and here's what it does:
{code:title=JniBasedUnixGroupsNetgroupMapping.java}
  protected synchronized List<String> getUsersForNetgroup(String netgroup) {
    String[] users = null;
    try {
      // JNI code does not expect '@' at the begining of the group name
      users = getUsersForNetgroupJNI(netgroup.substring(1));
    } catch (Exception e) {
      if (LOG.isDebugEnabled()) {
        LOG.debug("Error getting users for netgroup " + netgroup, e);
      } else {
        LOG.info("Error getting users for netgroup " + netgroup + 
            ": " + e.getMessage());
      }
    }
    if (users != null && users.length != 0) {
      return Arrays.asList(users);
    }
    return new LinkedList<String>();
  }
{code}

As it is today, setnetgrent errors are silently ignored.  The C code behaves as 
if the netgroup exists but is empty.  No error or warning is logged, so if 
someone accidentally specifies a bogus netgroup in some ACL conf property 
(e.g.: who has access to this scheduler queue) or if there's a problem 
performing the lookup on a particular netgroup then there will be no diagnostic 
whatsoever.  That's not very helpful when someone is trying to figure out why 
permissions aren't working properly.  If we start throwing an exception when 
setnetgrent fails then we will still act as if the netgroup exists and is 
empty, but at least we'll log a message indicating something went wrong with 
that netgroup lookup.

[~lichangleo] have you tested this change?

> when setnetgrent returns 0 in linux, exception should be thrown
> ---------------------------------------------------------------
>
>                 Key: HADOOP-12296
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12296
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Chang Li
>            Assignee: Chang Li
>         Attachments: HADOOP-12296.2.patch, HADOOP-12296.patch
>
>
> In linux, setnetgrent returns 0 in linux when something wrong is happen, such 
> as out of memory, unknown group, unavailable service, etc. So errorMessage 
> should be set and exception should be thrown



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to