[ https://issues.apache.org/jira/browse/HADOOP-9436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14307638#comment-14307638 ]
Hadoop QA commented on HADOOP-9436: ----------------------------------- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12575748/HADOOP-9436.patch against trunk revision b6466de. {color:red}-1 patch{color}. The patch command could not apply the patch. Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/5606//console This message is automatically generated. > NetgroupCache does not refresh membership correctly > --------------------------------------------------- > > Key: HADOOP-9436 > URL: https://issues.apache.org/jira/browse/HADOOP-9436 > Project: Hadoop Common > Issue Type: Bug > Affects Versions: 3.0.0, 2.0.3-alpha, 0.23.7 > Reporter: Kihwal Lee > Assignee: Kihwal Lee > Attachments: HADOOP-9436.patch > > > NetgroupCache is used to get around the problem of inability to obtain a > single user-to-groups mapping from netgroup. For example, the ACL code > pre-populates this cache, so that any user-group mapping can be resolved for > all groups defined in the service. > However, the current refresh code only adds users to existing groups, so a > loss of group membership won't take effect. This is because the internal > user-groups mapping cache is never invalidated. If this is simply invalidated > on clear(), the cache entries will build up correctly, but user-group > resolution may fail during refresh, resulting in incorrectly denying accesses. -- This message was sent by Atlassian JIRA (v6.3.4#6332)