Re: Where does Hadoop get username and group mapping from for linux shell username and group mapping?

2016-10-14 Thread Wei-Chiu Chuang 
If you want to drill down a bit, I recommend read this doc too: 
http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/GroupsMapping.html
 

This is for trunk Hadoop 3.0, but most of it applies to 2.7/2.8

Wei-Chiu Chuang
A very happy Clouderan

> On Oct 14, 2016, at 11:33 AM, Ravi Prakash  wrote:
> 
> Chen! 
> 
> It gets it from whatever is configured on the Namenode. 
> https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping
>  
> 
> 
> HTH
> Ravi
> 
> On Thu, Oct 13, 2016 at 7:43 PM, chen dong  > wrote:
> Hi, 
> 
> Currently I am working on a project to enhance the security for the Hadoop 
> cluster. Eventually I will use Kerberos and Sentry for authentication and 
> authorisation. And the username and group mapping will come from AD/LDAP (?), 
> I think so. 
> 
> But now I am just learning and trying. I have a question and I haven’t figure 
> it out is
> 
> where the username/group mapping information come from? 
> 
> As far as I know there is no username and group name for Hadoop and username 
> and group name come from the client wherever from local client machine or 
> Kerberos realm. But it is a little bit vague for me and can I get the 
> implementation details here? 
> 
> Is this information from the machine where HDFS client is located or from the 
> linux shell username and group on name node?  Or it depends on the context - 
> even related to data node? What if the data nodes and name nodes have 
> different users or user-group mapping in the local boxes. 
> 
> Regards,
> 
> Dong
> 
>

Re: Where does Hadoop get username and group mapping from for linux shell username and group mapping?

2016-10-14 Thread Ravi Prakash 
Chen!

It gets it from whatever is configured on the Namenode.
https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping

HTH
Ravi

On Thu, Oct 13, 2016 at 7:43 PM, chen dong  wrote:

> Hi,
>
> Currently I am working on a project to enhance the security for the Hadoop
> cluster. Eventually I will use Kerberos and Sentry for authentication and
> authorisation. And the username and group mapping will come from AD/LDAP
> (?), I think so.
>
> But now I am just learning and trying. I have a question and I haven’t
> figure it out is
>
> *where the username/group mapping information come from? *
>
> As far as I know there is no username and group name for Hadoop and
> username and group name come from the client wherever from local client
> machine or Kerberos realm. But it is a little bit vague for me and can I
> get the implementation details here?
>
> Is this information from the machine where HDFS client is located or from
> the linux shell username and group on name node?  Or it depends on the
> context - even related to data node? What if the data nodes and name nodes
> have different users or user-group mapping in the local boxes.
>
> Regards,
>
> Dong
>
>