[jira] [Commented] (MAPREDUCE-3417) job access controls not working app master and job history UI's

[Jonathan Eagles (Commented) (JIRA)]

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-3417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13199491#comment-13199491
 ] 

Jonathan Eagles commented on MAPREDUCE-3417:
--------------------------------------------

javadoc warnings are due

[WARNING] Javadoc Warnings
[WARNING] javadoc: warning - Error fetching URL: 
http://java.sun.com/javase/6/docs/api/package-list

which is present in the trunk builds. HDFS-1857 seems to be the same issue.
                
> job access controls not working app master and job history UI's
> ---------------------------------------------------------------
>
>                 Key: MAPREDUCE-3417
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-3417
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: mrv2
>    Affects Versions: 0.23.0
>            Reporter: Thomas Graves
>            Assignee: Jonathan Eagles
>            Priority: Blocker
>         Attachments: MAPREDUCE-3417.patch, MAPREDUCE-3417.patch, 
> MAPREDUCE-3417.patch, MAPREDUCE-3417.patch
>
>
> tested with security on, no filters defined for httpserver, job acls set so 
> that only I could view/modify the job.  Then went to the web ui to app master 
> and job history server and both allowed me to view the job details.  The 
> webui shows the user "webuser".   The RM properly rejected my request 
> although it was using user "Dr.Who".    
> The exception shown in the log is:
> 11/11/16 18:58:53 INFO mapred.JobACLsManager: job checkAccess user is: webuser
> 11/11/16 18:58:53 WARN security.ShellBasedUnixGroupsMapping: got exception 
> trying to get groups for user webuser
> org.apache.hadoop.util.Shell$ExitCodeException: id: webuser: No such user
>         at org.apache.hadoop.util.Shell.runCommand(Shell.java:261)
>         at org.apache.hadoop.util.Shell.run(Shell.java:188)
>         at 
> org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:381)
>         at org.apache.hadoop.util.Shell.execCommand(Shell.java:467)
>         at org.apache.hadoop.util.Shell.execCommand(Shell.java:450)
>         at 
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:86)
>         at 
> org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:55)
>         at org.apache.hadoop.security.Groups.getGroups(Groups.java:88)
>         at 
> org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1043)
>         at 
> org.apache.hadoop.security.authorize.AccessControlList.isUserAllowed(AccessControlList.java:221)
>         at 
> org.apache.hadoop.mapred.JobACLsManager.checkAccess(JobACLsManager.java:103)
>         at 
> org.apache.hadoop.mapreduce.v2.hs.CompletedJob.checkAccess(CompletedJob.java:325)
>         at 
> org.apache.hadoop.mapreduce.v2.app.webapp.AppController.checkAccess(AppController.java:292)
>         at 
> org.apache.hadoop.mapreduce.v2.app.webapp.AppController.requireJob(AppController.java:313)
>         at 
> org.apache.hadoop.mapreduce.v2.app.webapp.AppController.job(AppController.java:97)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira