Hi, I looked at Hadoop 1.X source code and found some logic that I could not understand.
In the org.apache.hadoop.mapred.Child class, there were two UGIs defined as follows. UserGroupInformation current = UserGroupInformation.getCurrentUser(); current.addToken(jt); UserGroupInformation taskOwner = UserGroupInformation.createRemoteUser(firstTaskid.getJobID().toString()); taskOwner.addToken(jt); But it is the taskOwner that is actually passed as a UGI to task tracker and then to HDFS. The first one was not referenced any where. final TaskUmbilicalProtocol umbilical = taskOwner.doAs(new PrivilegedExceptionAction<TaskUmbilicalProtocol>() { @Override public TaskUmbilicalProtocol run() throws Exception { return (TaskUmbilicalProtocol)RPC.getProxy(TaskUmbilicalProtocol.class, TaskUmbilicalProtocol.versionID, address, defaultConf); } }); What puzzled me is that the job id is actually passed in as the user name to task tracker. On the Name node side, when it tries to map the non-existing user name, i.e., task id, to a group, it always returns empty array. As a result, we always see annoying warning messages such as WARN org.apache.hadoop.security.UserGroupInformation (IPC Server handler 63 on 9000): No groups available for user job_201401071758_0002 Sometimes, the warning messages were thrown so fast, hundreds or even thousands per second for a big cluster, the system performance was degraded dramatically. Could someone please explain why this logic was designed in this way? Any benefit to use non-existing user for the group mapping? Or is this a bug? Thanks in advance, John