Chen! It gets it from whatever is configured on the Namenode. https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping
HTH Ravi On Thu, Oct 13, 2016 at 7:43 PM, chen dong <chendong...@gmail.com> wrote: > Hi, > > Currently I am working on a project to enhance the security for the Hadoop > cluster. Eventually I will use Kerberos and Sentry for authentication and > authorisation. And the username and group mapping will come from AD/LDAP > (?), I think so. > > But now I am just learning and trying. I have a question and I haven’t > figure it out is > > *where the username/group mapping information come from? * > > As far as I know there is no username and group name for Hadoop and > username and group name come from the client wherever from local client > machine or Kerberos realm. But it is a little bit vague for me and can I > get the implementation details here? > > Is this information from the machine where HDFS client is located or from > the linux shell username and group on name node? Or it depends on the > context - even related to data node? What if the data nodes and name nodes > have different users or user-group mapping in the local boxes. > > Regards, > > Dong > >