[
https://issues.apache.org/jira/browse/HDFS-5767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13878829#comment-13878829
]
Yongjun Zhang commented on HDFS-5767:
-------------------------------------
Hi [~brandonli],
Some info to share:
1. see man page:
"man adduser"
useradd [options] LOGIN
...
-u, --uid UID
The numerical value of the users ID. This value must be unique,
unless the -o option is used. The value must be non-negative. The default
is to use the smallest ID value greater than or equal to UID_MIN and
greater than every other user.
See also the -r option and the UID_MAX description.
-o, --non-unique
Allow the creation of a user account with a duplicate (non-unique)
UID.
This option is only valid in combination with the -o option.
(saw a bug in the man page, which says "-o" option is only valid in combination
with "-o", I think it meant in combination with "-u")
So in local database (/etc/passwd), it is possible to have same username mapped
to multiple uids, we can count on the search order to get the uid. But what we
do with the other uid that the same user is mapped to? We probably can assume
using one uid for this user is good enough?
2. The link
http://serverfault.com/questions/4916/multiple-nix-accounts-with-identical-uid
is quite intereseting. It suggested that it's possible to have multiple
accounts to share the same uid, and said it's designed that way.
> Nfs implementation assumes userName userId mapping to be unique, which is not
> true sometimes
> --------------------------------------------------------------------------------------------
>
> Key: HDFS-5767
> URL: https://issues.apache.org/jira/browse/HDFS-5767
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: nfs
> Affects Versions: 2.3.0
> Environment: With LDAP enabled
> Reporter: Yongjun Zhang
> Assignee: Brandon Li
>
> I'm seeing that the nfs implementation assumes unique <userName, userId> pair
> to be returned by command "getent paswd". That is, for a given userName,
> there should be a single userId, and for a given userId, there should be a
> single userName. The reason is explained in the following message:
> private static final String DUPLICATE_NAME_ID_DEBUG_INFO = "NFS gateway
> can't start with duplicate name or id on the host system.\n"
> + "This is because HDFS (non-kerberos cluster) uses name as the only
> way to identify a user or group.\n"
> + "The host system with duplicated user/group name or id might work
> fine most of the time by itself.\n"
> + "However when NFS gateway talks to HDFS, HDFS accepts only user and
> group name.\n"
> + "Therefore, same name means the same user or same group. To find the
> duplicated names/ids, one can do:\n"
> + "<getent passwd | cut -d: -f1,3> and <getent group | cut -d: -f1,3>
> on Linux systms,\n"
> + "<dscl . -list /Users UniqueID> and <dscl . -list /Groups
> PrimaryGroupID> on MacOS.";
> This requirement can not be met sometimes (e.g. because of the use of LDAP)
> Let's do some examination:
> What exist in /etc/passwd:
> $ more /etc/passwd | grep ^bin
> bin:x:2:2:bin:/bin:/bin/sh
> $ more /etc/passwd | grep ^daemon
> daemon:x:1:1:daemon:/usr/sbin:/bin/sh
> The above result says userName "bin" has userId "2", and "daemon" has userId
> "1".
>
> What we can see with "getent passwd" command due to LDAP:
> $ getent passwd | grep ^bin
> bin:x:2:2:bin:/bin:/bin/sh
> bin:x:1:1:bin:/bin:/sbin/nologin
> $ getent passwd | grep ^daemon
> daemon:x:1:1:daemon:/usr/sbin:/bin/sh
> daemon:x:2:2:daemon:/sbin:/sbin/nologin
> We can see that there are multiple entries for the same userName with
> different userIds, and the same userId could be associated with different
> userNames.
> So the assumption stated in the above DEBUG_INFO message can not be met here.
> The DEBUG_INFO also stated that HDFS uses name as the only way to identify
> user/group. I'm filing this JIRA for a solution.
> Hi [~brandonli], since you implemented most of the nfs feature, would you
> please comment?
> Thanks.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
