[jira] [Comment Edited] (RANGER-827) Use system supplied mechanism to get users and groups on unix

Wed, 27 Jan 2016 04:45:07 -0800 

    [ 
https://issues.apache.org/jira/browse/RANGER-827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15118093#comment-15118093
 ] 

Bolke de Bruin edited comment on RANGER-827 at 1/27/16 12:44 PM:
-----------------------------------------------------------------

This patch add support for using "getent" and is implemented equivalent to the 
NFS mapping support in hadoop and removes the less than ideal reliance on 
"/etc/passwd" and "/etc/group"

it adds "ranger.usersync.unix.update_millis_min" which defaults to 1 minute.

Next to that it adds support for adding "missing" users that are available in 
"getent groups", but do not get returned in "getent passwd" due to performance 
restrictions. This is activated by setting

ranger.usersync.group.idmapenabled to True



was (Author: bolke):
This patch add support for using "getent" and is implemented equivalent to the 
NFS mapping support in hadoop and removes the less than ideal reliance on 
"/etc/passwd" and "/etc/group"

it adds "ranger.usersync.unix.update_millis_min" which defaults to 1 minute.

Next to that it ass support for adding "missing" users that are available in 
"getent groups", but do not get returned in "getent passwd" due to performance 
restrictions. This is activated by setting

ranger.usersync.group.idmapenabled to True


> Use system supplied mechanism to get users and groups on unix
> -------------------------------------------------------------
>
>                 Key: RANGER-827
>                 URL: https://issues.apache.org/jira/browse/RANGER-827
>             Project: Ranger
>          Issue Type: Improvement
>          Components: usersync
>    Affects Versions: 0.5.1
>            Reporter: Bolke de Bruin
>              Labels: integration, pam, sssd, sync
>             Fix For: 0.5.1
>
>         Attachments: usersync.patch
>
>
> The unix user sync currently reads /etc/passwd /etc/groups . This is often 
> not a reflection of users and groups available on a system especially when 
> nsswitch is configured (eg. sssd, ldap etc).
> Secondly in some cases groups will contain user names that are not returned 
> with "getent passwd", especially "external users" and it is required to add 
> these using the group information.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to