[
https://issues.apache.org/jira/browse/HDFS-14176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16731211#comment-16731211
]
Dinesh Chitlangia edited comment on HDFS-14176 at 12/31/18 7:04 AM:
--------------------------------------------------------------------
[~jojochuang] - Thank you for reporting the issue and the detailed description.
Excluding the Test classes, the following occurrences are noted:
YARN/ApiServiceClient L211
YARN/CGroupsHandler L460
YARN/YarnServiceJobSubmitter L216
YARN/YarnClientImpl L1111 (here, it is using this pattern only if security is
not enabled)
Tools/SwiftNativeFileSystem L118
HDFS/FileSystemAccessService L176 (here, it is using this pattern only if
security == simple)
HDFS/RouterClientProtocol L129
Common/PseudoAuthenticator L85
Common/FileSystem L2233
Common/AbstractFileSystem L451
Common/KMSWebApp L91
Common/SFTPConnectionPool L146
Common/SshFenceByTcpPort L239
Ozone/ListVolumeHandler L79
Ozone/CreateVolumeHandler L82
I think we can create 3 JIRAs to track separately for YARN, Ozone, Common and
we can use the current jira for HDFS+Tools.
Let me know your thoughts.
was (Author: dineshchitlangia):
[~jojochuang] - Thank you for reporting the issue and the detailed description.
Excluding the Test classes, the following occurrences are noted:
YARN/YarnServiceJobSubmitter L216
YARN/YarnClientImpl L1111 (here, it is using this pattern only if security is
not enabled)
Tools/SwiftNativeFileSystem L118
HDFS/FileSystemAccessService L176 (here, it is using this pattern only if
security == simple)
HDFS/RouterClientProtocol L129
Ozone/ListVolumeHandler L79
Ozone/CreateVolumeHandler L82
I think we can create 2 JIRA to track separately for YARN, Ozone and we can use
the current jira for HDFS+Tools.
Let me know your thoughts.
> Replace incorrect use of system property user.name
> --------------------------------------------------
>
> Key: HDFS-14176
> URL: https://issues.apache.org/jira/browse/HDFS-14176
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 3.3.0
> Environment: Kerberized
> Reporter: Wei-Chiu Chuang
> Assignee: Dinesh Chitlangia
> Priority: Major
>
> Looking at the Hadoop source code, there are a few places where the code
> assumes the user name can be acquired from Java's system property
> {{user.name}}.
> For example,
> {code:java|title=FileSystem}
> /** Return the current user's home directory in this FileSystem.
> * The default implementation returns {@code "/user/$USER/"}.
> */
> public Path getHomeDirectory() {
> return this.makeQualified(
> new Path(USER_HOME_PREFIX + "/" + System.getProperty("user.name")));
> }
> {code}
> This is incorrect, as in a Kerberized environment, a user may login as a user
> principal different from its system login account.
> It would be better to use
> {{UserGroupInformation.getCurrentUser().getShortUserName()}}, similar to
> HDFS-12485.
> Unfortunately, I am seeing this improper use in Yarn, HDFS federation
> SFTPFilesystem and Ozone code (tests are ignored)
> The impact should be small, since it only affects the case where system is
> Kerberized and that the user principal is different from system login account.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
