[
https://issues.apache.org/jira/browse/HDFS-4983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839481#comment-13839481
]
Colin Patrick McCabe commented on HDFS-4983:
--------------------------------------------
bq. At the end of the day both of them are writing to HDFS using a DFSClient,
thus their user patterns must be a subset of the patterns that HDFS allows.
I did a quick search, but wasn't able to find any restrictions on the usernames
which HDFS or Hadoop allows. In {{UserGroupInformation#getLoginUser}}, for
example, you can see that it reads certain environment variables and just uses
them directly to get a username in some cases.
{{org.apache.hadoop.security.User}} doesn't seem to have any validation either.
bq. Httpfs is a proxy, so it might make sense for the administrators to
configure a more restrictive pattern.
Maybe someone else can comment more on this, but my impression was that user
name validation was added to httpfs to help prevent problems caused by
usernames which included HTTP metacharacters such as %. The same problems
apply to both webhdfs and httpfs, since they both use HTTP and both are
susceptible to those metacharacters.
I don't think these issues have anything to do with whether you're proxying or
not, just the fact that these names are difficult to deal with in the context
of HTTP. I guess you could argue that we should escape them rather than
disallowing them... but that seems outside the scope of this JIRA.
> Numeric usernames do not work with WebHDFS FS
> ---------------------------------------------
>
> Key: HDFS-4983
> URL: https://issues.apache.org/jira/browse/HDFS-4983
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: webhdfs
> Affects Versions: 2.0.0-alpha
> Reporter: Harsh J
> Assignee: Yongjun Zhang
> Labels: patch
> Attachments: HDFS-4983.001.patch, HDFS-4983.002.patch,
> HDFS-4983.003.patch
>
>
> Per the file
> hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/resources/UserParam.java,
> the DOMAIN pattern is set to: {{^[A-Za-z_][A-Za-z0-9._-]*[$]?$}}.
> Given this, using a username such as "123" seems to fail for some reason
> (tried on insecure setup):
> {code}
> [123@host-1 ~]$ whoami
> 123
> [123@host-1 ~]$ hadoop fs -fs webhdfs://host-2.domain.com -ls /
> -ls: Invalid value: "123" does not belong to the domain
> ^[A-Za-z_][A-Za-z0-9._-]*[$]?$
> Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [<path> ...]
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
