[
https://issues.apache.org/jira/browse/HADOOP-8611?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13435202#comment-13435202
]
Robert Joseph Evans commented on HADOOP-8611:
---------------------------------------------
The code looks good, but I have a few comments.
# There are tabs in the patch, please update it to use spaces instead.
# The way the patch is getting the impl instance is very repetative. I think
it would be simpler to do the following {code}
Class<GroupMappingServiceProvider> clazz =
conf.getClass(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING,
ShellBasedUnixGroupsMapping.class,
GroupMappingServiceProvider.class);
if
(conf.getBoolean(CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING_ALLOW_FALLBACK,
false) &&
!NativeCodeLoader.isNativeCodeLoaded()) {
LOG.info("Falling back to Shell Based Groups");
clazz = ShellBasedUnixGroupsMapping.class;
}
impl = ReflectionUtils.newInstance(clazz, conf);
{code}
# It would be good to update
./hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
with the new config option
# Do we want to check explicitly for JniBasedUnixGroupsMapping and
JniBasedUnixGroupsNetgroupMapping? or perhaps move some of this code over into
those classes explicitly instead? It seems like configuring LdapGroupsMapping
with fallback enabled and non-native code would never work. Also there would
be issues with JniBasedUnixGroupsNetgroupMapping and fallback. Is this the
reason for having the fallback enable?
> Allow fall-back to the shell-based implementation when JNI-based users-group
> mapping fails
> ------------------------------------------------------------------------------------------
>
> Key: HADOOP-8611
> URL: https://issues.apache.org/jira/browse/HADOOP-8611
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 1.0.3, 0.23.0, 2.0.0-alpha
> Reporter: Kihwal Lee
> Assignee: Robert Parker
> Fix For: 1.1.1, 0.23.3, 3.0.0, 2.2.0-alpha
>
> Attachments: HADOOP-8611.patch
>
>
> When the JNI-based users-group mapping is enabled, the process/command will
> fail if the native library, libhadoop.so, cannot be found. This mostly
> happens at client-side where users may use hadoop programatically. Instead of
> failing, falling back to the shell-based implementation will be desirable.
> Depending on how cluster is configured, use of the native netgroup mapping
> cannot be subsituted by the shell-based default. For this reason, this
> behavior must be configurable with the default being "disabled".
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
