You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-dev@hadoop.apache.org by "Yongjun Zhang (JIRA)" <ji...@apache.org> on 2014/01/14 22:07:19 UTC

[jira] [Created] (HDFS-5767) Nfs implementation assumes userName userId mapping to be unique, which is not true sometimes

Yongjun Zhang created HDFS-5767:
-----------------------------------

             Summary: Nfs implementation assumes userName userId mapping to be unique, which is not true sometimes
                 Key: HDFS-5767
                 URL: https://issues.apache.org/jira/browse/HDFS-5767
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: nfs
    Affects Versions: 2.3.0
         Environment: With LDAP enabled
            Reporter: Yongjun Zhang


I'm seeing that the nfs implementation assumes unique <userName, userId> pair to be returned by command  "getent paswd". That is, for a given userName, there should be a single userId, and for a given userId, there should be a single userName.  The reason is explained in the following message:

 private static final String DUPLICATE_NAME_ID_DEBUG_INFO = "NFS gateway can't start with duplicate name or id on the host system.\n"
      + "This is because HDFS (non-kerberos cluster) uses name as the only way to identify a user or group.\n"
      + "The host system with duplicated user/group name or id might work fine most of the time by itself.\n"
      + "However when NFS gateway talks to HDFS, HDFS accepts only user and group name.\n"
      + "Therefore, same name means the same user or same group. To find the duplicated names/ids, one can do:\n"
      + "<getent passwd | cut -d: -f1,3> and <getent group | cut -d: -f1,3> on Linux systms,\n"
      + "<dscl . -list /Users UniqueID> and <dscl . -list /Groups PrimaryGroupID> on MacOS.";

This requirement can not be met sometimes (e.g. because of the use of LDAP) Let's do some examination:

What exist in /etc/passwd:

$ more /etc/passwd | grep ^bin
bin:x:2:2:bin:/bin:/bin/sh
$ more /etc/passwd | grep ^daemon
daemon:x:1:1:daemon:/usr/sbin:/bin/sh

The above result says userName  "bin" has userId "2", and "daemon" has userId "1".
 
What we can see with "getent passwd" command due to LDAP:

$ getent passwd | grep ^bin
bin:x:2:2:bin:/bin:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
$ getent passwd | grep ^daemon
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
daemon:x:2:2:daemon:/sbin:/sbin/nologin

We can see that there are multiple entries for the same userName with different userIds, and the same userId could be associated with different userNames.

So the assumption stated in the above DEBUG_INFO message can not be met here. The DEBUG_INFO also stated that HDFS uses name as the only way to identify user/group. I'm filing this JIRA for a solution.

Hi Brandon, since you implemented most of the nfs feature, would you please comment? 

Thanks.




--
This message was sent by Atlassian JIRA
(v6.1.5#6160)