[
https://issues.apache.org/jira/browse/HDFS-4295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13544539#comment-13544539
]
Aaron T. Myers commented on HDFS-4295:
--------------------------------------
You need to be root in order to bind to low ports, jsvc doesn't have anything
to do with that. The DN uses jsvc so that it can start as root, bind to the low
port, and then switch users to hdfs for the rest of its run. So, you need to
start the DN as root when enabling security and running with jsvc - no way
around that.
> Using port 1023 should be valid when starting Secure DataNode
> -------------------------------------------------------------
>
> Key: HDFS-4295
> URL: https://issues.apache.org/jira/browse/HDFS-4295
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Stephen Chu
> Assignee: Stephen Chu
> Labels: trivial
> Fix For: 3.0.0, 2.0.3-alpha
>
> Attachments: HDFS-4295.patch
>
>
> In SecureDataNodeStarter:
> {code}
> if ((ss.getLocalPort() >= 1023 || listener.getPort() >= 1023) &&
> UserGroupInformation.isSecurityEnabled()) {
> throw new RuntimeException("Cannot start secure datanode with
> unprivileged ports");
> }
> {code}
> This prohibits using port 1023, but this should be okay because only root can
> listen to ports below 1024.
> We can change the >= to >.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
