[
https://issues.apache.org/jira/browse/MAPREDUCE-6792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15591907#comment-15591907
]
Junping Du commented on MAPREDUCE-6792:
---------------------------------------
Thanks [~snayak] for addressing my comments above. The reason for comparing
full principal name in case insensitive way make sense to me. After adding unit
test and get rid of duplicated warn messages, the latest patch (03) LGTM.
+1. Will commit it shortly.
> Allow user's full principal name as owner of MapReduce staging directory in
> JobSubmissionFiles#JobStagingDir()
> --------------------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-6792
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-6792
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Components: client
> Reporter: Santhosh G Nayak
> Assignee: Santhosh G Nayak
> Attachments: MAPREDUCE-6792.1.patch, MAPREDUCE-6792.2.patch,
> MAPREDUCE-6792.3.patch
>
>
> Background -
> Currently, {{JobSubmissionFiles#JobStagingDir()}} assumes that file owner
> returned as part of {{FileSystem#getFileStatus()}} is always user's short
> principal name, which is true for HDFS. But, some file systems which are HDFS
> compatible like [Azure Data Lake Store (ADLS)
> |https://azure.microsoft.com/en-in/services/data-lake-store/] and work in
> multi tenant environment can have users with same names belonging to
> different domains. For example, {{[email protected]}} and
> {{[email protected]}}. It will be ambiguous, if
> {{FileSystem#getFileStatus()}} returns only the user's short principal name
> (without domain name) as the owner of the file/directory.
> The following code block allows only short user principal name as owner. It
> simply fails saying that ownership on the staging directory is not as
> expected, if owner returned by the {{FileStatus#getOwner()}} is not equal to
> short principal name of the current user.
> {code}
> String realUser;
> String currentUser;
> UserGroupInformation ugi = UserGroupInformation.getLoginUser();
> realUser = ugi.getShortUserName();
> currentUser = UserGroupInformation.getCurrentUser().getShortUserName();
> if (fs.exists(stagingArea)) {
> FileStatus fsStatus = fs.getFileStatus(stagingArea);
> String owner = fsStatus.getOwner();
> if (!(owner.equals(currentUser) || owner.equals(realUser))) {
> throw new IOException("The ownership on the staging directory " +
> stagingArea + " is not as expected. " +
> "It is owned by " + owner + ". The directory must " +
> "be owned by the submitter " + currentUser + " or " +
> "by " + realUser);
> }
> {code}
> The proposal is to remove the strict restriction on short principal name by
> allowing the user's full principal name as owner of staging area directory in
> {{JobSubmissionFiles#JobStagingDir()}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
