[
https://issues.apache.org/jira/browse/HDFS-14620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16876112#comment-16876112
]
He Xiaoqiao commented on HDFS-14620:
------------------------------------
Thanks [~Huachao],
{quote}
I guess the same problem will also be there for enable nameservice too? We may
check that too
{quote}
Sure, everywhere invoke {{RouterPermissionChecker#checkSuperuserPrivilege}}
will meet this issue. It includes {{RouterAdminServer#disableNameservice}} and
{{RouterAdminServer#enableNameservice}}.
It is better to create a kerberos principal name which is super user just as
[~Huachao] said above to cover this case.
{code:java}
final String username = RouterAdminServer.getSuperUser() + "@Example.com";
{code}
+1 after add unit test to cover. Thanks [~Huachao].
> RBF: when Disable namespace in kerberos with superuser's principal, ERROR
> appear 'not a super user'
> ----------------------------------------------------------------------------------------------------
>
> Key: HDFS-14620
> URL: https://issues.apache.org/jira/browse/HDFS-14620
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 3.30
> Reporter: luhuachao
> Assignee: luhuachao
> Priority: Major
> Attachments: HDFS-14620-HDFS-13891-01.patch
>
>
> use superuser hdfs's principal hdfs-test@EXAMPLE cannot disable namespace
> with error info below, as the code judge the principal not equals to hdfs,
> also hdfs is not belong to supergroup.
> {code:java}
> [hdfs@host1 ~]$ hdfs dfsrouteradmin -nameservice disable ns2 nameservice:
> hdfs-test@EXAMPLE is not a super user at
> org.apache.hadoop.hdfs.server.federation.router.RouterPermissionChecker.checkSuperuserPrivilege(RouterPermissionChecker.java:136)
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
