[
https://issues.apache.org/jira/browse/MAPREDUCE-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13199430#comment-13199430
]
Hadoop QA commented on MAPREDUCE-3417:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12513067/MAPREDUCE-3417.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
-1 javadoc. The javadoc tool appears to have generated 3 warning messages.
+1 javac. The applied patch does not increase the total number of javac
compiler warnings.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9)
warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
+1 core tests. The patch passed unit tests in .
+1 contrib tests. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1756//testReport/
Console output:
https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1756//console
This message is automatically generated.
> job access controls not working app master and job history UI's
> ---------------------------------------------------------------
>
> Key: MAPREDUCE-3417
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3417
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3417.patch, MAPREDUCE-3417.patch,
> MAPREDUCE-3417.patch, MAPREDUCE-3417.patch
>
>
> tested with security on, no filters defined for httpserver, job acls set so
> that only I could view/modify the job. Then went to the web ui to app master
> and job history server and both allowed me to view the job details. The
> webui shows the user "webuser". The RM properly rejected my request
> although it was using user "Dr.Who".
> The exception shown in the log is:
> 11/11/16 18:58:53 INFO mapred.JobACLsManager: job checkAccess user is: webuser
> 11/11/16 18:58:53 WARN security.ShellBasedUnixGroupsMapping: got exception
> trying to get groups for user webuser
> org.apache.hadoop.util.Shell$ExitCodeException: id: webuser: No such user
> at org.apache.hadoop.util.Shell.runCommand(Shell.java:261)
> at org.apache.hadoop.util.Shell.run(Shell.java:188)
> at
> org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:381)
> at org.apache.hadoop.util.Shell.execCommand(Shell.java:467)
> at org.apache.hadoop.util.Shell.execCommand(Shell.java:450)
> at
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:86)
> at
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:55)
> at org.apache.hadoop.security.Groups.getGroups(Groups.java:88)
> at
> org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1043)
> at
> org.apache.hadoop.security.authorize.AccessControlList.isUserAllowed(AccessControlList.java:221)
> at
> org.apache.hadoop.mapred.JobACLsManager.checkAccess(JobACLsManager.java:103)
> at
> org.apache.hadoop.mapreduce.v2.hs.CompletedJob.checkAccess(CompletedJob.java:325)
> at
> org.apache.hadoop.mapreduce.v2.app.webapp.AppController.checkAccess(AppController.java:292)
> at
> org.apache.hadoop.mapreduce.v2.app.webapp.AppController.requireJob(AppController.java:313)
> at
> org.apache.hadoop.mapreduce.v2.app.webapp.AppController.job(AppController.java:97)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
