[jira] [Commented] (HDFS-7146) NFS ID/Group lookup requires SSSD enumeration on the server

Mon, 06 Oct 2014 14:23:27 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-7146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14160976#comment-14160976
 ] 

Yongjun Zhang commented on HDFS-7146:
-------------------------------------

Another thought [~aw], 

If you look at nfs code, only two platforms are currently supported: linux and 
macos. The commands used for them are crafted for differently. For example, 
getent is used for linux, and dscl and is used for mac.

Given that we have the need to use different commands for different platforms, 
if there is a new platform to be added, I would assume that likely we have to 
craft command for the new platform.  Based on this info, do you think it's ok 
for us to use "id" command (for linux and mac) will has the advantage of 
avoiding loading full user map (when there is numerical user name)? 

Thanks.





> NFS ID/Group lookup requires SSSD enumeration on the server
> -----------------------------------------------------------
>
>                 Key: HDFS-7146
>                 URL: https://issues.apache.org/jira/browse/HDFS-7146
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: nfs
>    Affects Versions: 2.6.0
>            Reporter: Yongjun Zhang
>            Assignee: Yongjun Zhang
>         Attachments: HDFS-7146.001.patch, HDFS-7146.002.allIncremental.patch, 
> HDFS-7146.003.patch
>
>
> The current implementation of the NFS UID and GID lookup works by running 
> 'getent passwd' with an assumption that it will return the entire list of 
> users available on the OS, local and remote (AD/etc.).
> This behaviour of the command is advised to be and is prevented by 
> administrators in most secure setups to avoid excessive load to the ADs 
> involved, as the # of users to be listed may be too large, and the repeated 
> requests of ALL users not present in the cache would be too much for the AD 
> infrastructure to bear.
> The NFS server should likely do lookups based on a specific UID request, via 
> 'getent passwd <UID>', if the UID does not match a cached value. This reduces 
> load on the LDAP backed infrastructure.
> Thanks [~qwertymaniac] for reporting the issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to