[ https://issues.apache.org/jira/browse/HDFS-11400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15861405#comment-15861405 ]
Allen Wittenauer edited comment on HDFS-11400 at 2/10/17 3:21 PM:
------------------------------------------------------------------

bq. Given NN resolves users from OS / Kerberos, this would mean the OS / Kerberos systems have already been compromised to have had fake users added?

No, it doesn't. If I access a home dir as a privileged user (e.g., hdfs) then I'm not sure why there would be a validation made against an individual user's external existence.

bq. How about these ideas?

Honestly? It sounds like a lot of work for very little reward. Why is creating a directory such a heavy burden? Also, doesn't the NN plugin system already give one a way to implement this feature without clogging up the rest of the code base?

bq. it seems silly in retrospect for admins to keep writing scripts to do this for every client when this could be solved once and for all via NN logic

Whoever is building this on a per client basis--if I'm interpreting that statement correctly--probably is an extremely inexperienced admin. Take a step back from Hadoop and it becomes obvious: there are bits that have to get done outside the NN anyway. That usually includes account validation, group setup, etc, etc. Removing the hdfs dir creation doesn't really save a whole lot of time/effort (one or two commands). Instead, it adds a whole lot of burden by having to configure all of these other controls.

> Automatic HDFS Home Directory Creation
> --------------------------------------
>
> Key: HDFS-11400
> URL: https://issues.apache.org/jira/browse/HDFS-11400
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: hdfs, namenode
> Affects Versions: 2.7.1
> Environment: HDP 2.4.2
> Reporter: Hari Sekhon
>
> Feature Request to add automatic home directory creation for HDFS users when
> they are first resolved by the NameNode if their home directory does not
> already exist, using configurable umask defaulting to 027.