[
https://issues.apache.org/jira/browse/HDFS-4983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839499#comment-13839499
]
Haohui Mai commented on HDFS-4983:
----------------------------------
bq. I did a quick search, but wasn't able to find any restrictions on the
usernames which HDFS or Hadoop allows. In UserGroupInformation#getLoginUser,
for example, you can see that it reads certain environment variables and just
uses them directly to get a username in some cases.
org.apache.hadoop.security.User doesn't seem to have any validation either.
I think it might be a good idea to open a new jira to address it. In general
you don't want control characters to be parts of the user / group name. For
example, if hdfs allows \0 in the username, libhdfs might break.
bq. my impression was that user name validation was added to httpfs to help
prevent problems caused by usernames which included HTTP metacharacters such as
%. The same problems apply to both webhdfs and httpfs, since they both use HTTP
and both are susceptible to those metacharacters.
My impression is that in webhdfs jersey is escaping / unescaping the parameters
automatically. It shouldn't be a problem of WebHDFS. I think it's okay to have
these additional checks around, but I don't quite understand the values of
making these checks generic and configurable.
Do you think the new pattern will be good enough for both everyday uses and
migration? If this is the case we can just tweak the pattern and claim victory.
We should avoid adding a new configuration when it is possible, as it
complicates the deployment and operations.
> Numeric usernames do not work with WebHDFS FS
> ---------------------------------------------
>
> Key: HDFS-4983
> URL: https://issues.apache.org/jira/browse/HDFS-4983
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: webhdfs
> Affects Versions: 2.0.0-alpha
> Reporter: Harsh J
> Assignee: Yongjun Zhang
> Labels: patch
> Attachments: HDFS-4983.001.patch, HDFS-4983.002.patch,
> HDFS-4983.003.patch
>
>
> Per the file
> hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/resources/UserParam.java,
> the DOMAIN pattern is set to: {{^[A-Za-z_][A-Za-z0-9._-]*[$]?$}}.
> Given this, using a username such as "123" seems to fail for some reason
> (tried on insecure setup):
> {code}
> [123@host-1 ~]$ whoami
> 123
> [123@host-1 ~]$ hadoop fs -fs webhdfs://host-2.domain.com -ls /
> -ls: Invalid value: "123" does not belong to the domain
> ^[A-Za-z_][A-Za-z0-9._-]*[$]?$
> Usage: hadoop fs [generic options] -ls [-d] [-h] [-R] [<path> ...]
> {code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)
