Pallavi Palleti wrote:
Hi all,
I tried to trackdown to the place where I can add some conditions for not allowing
any remote user with username as hadoop(root user) (other than some specific
hostnames or ipaddresses). I could see the call path as FsShell ->
DistributedFileSystem ->DFSClient - ClientProtocol. As there is no way to debug
the code via eclipse (when I ran thru eclipse it points to LocalFileSystem), I
followed naive way of debugging by adding print commands. After DFSClient, I couldn't
figure out which Class is getting called. From the code, I could see only NameNode
extended ClientProtocol, so I was pretty sure that NameNode methods are getting
called, but I coudln't see my debug print statements in the logs when I added some
print statements in the namenode. Can some one help me what is the flow when a call
from Remote machine with same root user name(hadoop) is made?
I tried for mkdir command which essentially calls mkdirs() method in DFSClient
and there by ClientProtocol mkdirs() method.
-client side, there are a couple of places where there is an
exec("whoami") to determine the username.
-server side, everything goes through the namenode. You should put your
stuff there, if you want to defend against people using their own
versions of the hadoop libraries.
-No need to add print statements to trace flow, just set your log4j
settings to log at DEBUG to see lots of stuff.
-you can bring up a MiniMRCluster() in a single VM, which is how most of
the unit tests run. This will let you debug both ends of the DFS
conversation within the IDE.
