[ https://issues.apache.org/jira/browse/HADOOP-10851?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14065935#comment-14065935 ]
Benoy Antony commented on HADOOP-10851: --------------------------------------- [~arpitagarwal], could you please review this patch ? > NetgroupCache does not remove group memberships > ----------------------------------------------- > > Key: HADOOP-10851 > URL: https://issues.apache.org/jira/browse/HADOOP-10851 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.4.1 > Reporter: Benoy Antony > Assignee: Benoy Antony > Attachments: HADOOP-10851.patch > > > _NetgroupCache_ is used by _GroupMappingServiceProvider_ implementations > based on net groups. > But it has a serious flaw in that once a user to group membership is > established, it remains forever even if user is actually removed from the > netgroup and cache is cleared. It is cleared only if the server is restarted. > To reproduce this: > * Cache a group with a set of users. > * Test membership correctness. > * Clear cache, remove a user from the group and cache the group again > * Expected result : user’s groups should not include the group from which > he/she is removed. > * Actual result : user’s groups includes the group from which he/she was > removed. > It is also noted that _NetgroupCache_ has concurrency issues and a separate > jira is filed to rectify them. -- This message was sent by Atlassian JIRA (v6.2#6252)