[jira] [Commented] (HDFS-5471) CacheAdmin -listPools fails when user lacks permissions to view all pools

Hudson (JIRA) Wed, 13 Nov 2013 05:51:13 -0800

    [ 
https://issues.apache.org/jira/browse/HDFS-5471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13821350#comment-13821350
 ]


Hudson commented on HDFS-5471:
------------------------------

SUCCESS: Integrated in Hadoop-Hdfs-trunk #1581 (See 
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1581/])
HDFS-5471. CacheAdmin -listPools fails when user lacks permissions to view all 
pools (Andrew Wang via Colin Patrick McCabe) (cmccabe: 
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1541323)
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/IdNotFoundException.java
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/InvalidRequestException.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolServerSideTranslatorPB.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/ClientNamenodeProtocolTranslatorPB.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/PBHelper.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/CacheManager.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/CachePool.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/ClientNamenodeProtocol.proto
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestPathBasedCacheRequests.java


> CacheAdmin -listPools fails when user lacks permissions to view all pools
> -------------------------------------------------------------------------
>
>                 Key: HDFS-5471
>                 URL: https://issues.apache.org/jira/browse/HDFS-5471
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: tools
>    Affects Versions: 3.0.0
>            Reporter: Stephen Chu
>            Assignee: Andrew Wang
>             Fix For: 3.0.0
>
>         Attachments: hdfs-5471-1.patch, hdfs-5471-2.patch, hdfs-5471-3.patch
>
>
> When a user does not have read permissions to a cache pool and executes "hdfs 
> cacheadmin -listPools" the command will error complaining about missing 
> required fields with something like:
> {code}
> [schu@hdfs-nfs ~]$ hdfs cacheadmin -listPools
> Exception in thread "main" 
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.ipc.RemoteException): 
> Message missing required fields: ownerName, groupName, mode, weight
>       at 
> com.google.protobuf.AbstractMessage$Builder.newUninitializedMessageException(AbstractMessage.java:770)
>       at 
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ListCachePoolsResponseElementProto$Builder.build(ClientNamenodeProtocolProtos.java:51722)
>       at 
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.listCachePools(ClientNamenodeProtocolServerSideTranslatorPB.java:1200)
>       at 
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
>       at 
> org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:605)
>       at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:932)
>       at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2057)
>       at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2053)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:396)
>       at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1515)
>       at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2051)
>       at 
> org.apache.hadoop.hdfs.tools.CacheAdmin$ListCachePoolsCommand.run(CacheAdmin.java:675)
>       at org.apache.hadoop.hdfs.tools.CacheAdmin.run(CacheAdmin.java:85)
>       at org.apache.hadoop.hdfs.tools.CacheAdmin.main(CacheAdmin.java:90)
> [schu@hdfs-nfs ~]$ 
> {code}
> In this example, the pool "root" has 750 permissions, and the root superuser 
> is able to successfully -listPools:
> {code}
> [root@hdfs-nfs ~]# hdfs cacheadmin -listPools
> Found 4 results.
> NAME  OWNER  GROUP  MODE       WEIGHT 
> bar   root   root   rwxr-xr-x  100    
> foo   root   root   rwxr-xr-x  100    
> root  root   root   rwxr-x---  100    
> schu  root   root   rwxr-xr-x  100    
> [root@hdfs-nfs ~]# 
> {code}
> When we modify the root pool to mode 755, schu user can now -listPools 
> successfully without error.
> {code}
> [schu@hdfs-nfs ~]$ hdfs cacheadmin -listPools
> Found 4 results.
> NAME  OWNER  GROUP  MODE       WEIGHT 
> bar   root   root   rwxr-xr-x  100    
> foo   root   root   rwxr-xr-x  100    
> root  root   root   rwxr-xr-x  100    
> schu  root   root   rwxr-xr-x  100    
> [schu@hdfs-nfs ~]$ 
> {code}



--
This message was sent by Atlassian JIRA
(v6.1#6144)

[jira] [Commented] (HDFS-5471) CacheAdmin -listPools fails when user lacks permissions to view all pools

Reply via email to