[jira] [Updated] (MAPREDUCE-3417) job access controls not working app master and job history UI's

[Mahadev konar (Updated) (JIRA)]

     [ 
https://issues.apache.org/jira/browse/MAPREDUCE-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mahadev konar updated MAPREDUCE-3417:
-------------------------------------

    Priority: Blocker  (was: Critical)
    
> job access controls not working app master and job history UI's
> ---------------------------------------------------------------
>
>                 Key: MAPREDUCE-3417
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-3417
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: mrv2
>    Affects Versions: 0.23.0
>            Reporter: Thomas Graves
>            Assignee: Jonathan Eagles
>            Priority: Blocker
>
> tested with security on, no filters defined for httpserver, job acls set so 
> that only I could view/modify the job.  Then went to the web ui to app master 
> and job history server and both allowed me to view the job details.  The 
> webui shows the user "webuser".   The RM properly rejected my request 
> although it was using user "Dr.Who".    
> The exception shown in the log is:
> 11/11/16 18:58:53 INFO mapred.JobACLsManager: job checkAccess user is: webuser
> 11/11/16 18:58:53 WARN security.ShellBasedUnixGroupsMapping: got exception 
> trying to get groups for user webuser
> org.apache.hadoop.util.Shell$ExitCodeException: id: webuser: No such user
>         at org.apache.hadoop.util.Shell.runCommand(Shell.java:261)
>         at org.apache.hadoop.util.Shell.run(Shell.java:188)
>         at 
> org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:381)
>         at org.apache.hadoop.util.Shell.execCommand(Shell.java:467)
>         at org.apache.hadoop.util.Shell.execCommand(Shell.java:450)
>         at 
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:86)
>         at 
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:55)
>         at org.apache.hadoop.security.Groups.getGroups(Groups.java:88)
>         at 
> org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1043)
>         at 
> org.apache.hadoop.security.authorize.AccessControlList.isUserAllowed(AccessControlList.java:221)
>         at 
> org.apache.hadoop.mapred.JobACLsManager.checkAccess(JobACLsManager.java:103)
>         at 
> org.apache.hadoop.mapreduce.v2.hs.CompletedJob.checkAccess(CompletedJob.java:325)
>         at 
> org.apache.hadoop.mapreduce.v2.app.webapp.AppController.checkAccess(AppController.java:292)
>         at 
> org.apache.hadoop.mapreduce.v2.app.webapp.AppController.requireJob(AppController.java:313)
>         at 
> org.apache.hadoop.mapreduce.v2.app.webapp.AppController.job(AppController.java:97)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira