[ https://issues.apache.org/jira/browse/HADOOP-13817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15871062#comment-15871062 ]
ASF GitHub Bot commented on HADOOP-13817: ----------------------------------------- Github user QwertyManiac commented on a diff in the pull request: https://github.com/apache/hadoop/pull/161#discussion_r101673820 --- Diff: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ShellBasedUnixGroupsMapping.java --- @@ -225,8 +287,16 @@ protected ShellCommandExecutor createGroupIDExecutor(String userName) { throw new PartialGroupNameException("failed to get group id list for " + "user '" + userName + "'", ece); } catch (IOException ioe) { - throw new PartialGroupNameException("can't execute the shell command to" - + " get the list of group id for user '" + userName + "'", ioe); + String message = + "Can't execute the shell command to " + + "get the list of group id for user '" + userName + "'"; + if (exec2.isTimedOut()) { + message += + " because of the command taking longer than " + + "the configured timeout: " + timeout + " seconds"; + throw new PartialGroupNameException(message); --- End diff -- Thanks, addressed in new commit. I just felt the timeout exception may look weird, but I've dropped the line so we can be consistent in exposing the exception at all times. > Add a finite shell command timeout to ShellBasedUnixGroupsMapping > ----------------------------------------------------------------- > > Key: HADOOP-13817 > URL: https://issues.apache.org/jira/browse/HADOOP-13817 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 2.6.0 > Reporter: Harsh J > Assignee: Harsh J > Priority: Minor > > The ShellBasedUnixGroupsMapping run various {{id}} commands via the > ShellCommandExecutor modules without a timeout set (its set to 0, which > implies infinite). > If this command hangs for a long time on the OS end due to an unresponsive > groups backend or other reasons, it also blocks the handlers that use it on > the NameNode (or other services that use this class). That inadvertently > causes odd timeout troubles on the client end where its forced to retry (only > to likely run into such hangs again with every attempt until at least one > command returns). > It would be helpful to have a finite command timeout after which we may give > up on the command and return the result equivalent of no groups found. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org