Posted to common-issues@hadoop.apache.org by "Premchandra Preetham Kukillaya (JIRA)" <ji...@apache.org> on 2014/06/15 09:55:01 UTC

[jira] [Commented] (HADOOP-10701) The bug is while accessing NFS Mounted File System the permission is always validated based on the primary Unix group the user is associated with and Secondary Unix groups are ignored.

    [ https://issues.apache.org/jira/browse/HADOOP-10701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14031803#comment-14031803 ] 

Premchandra Preetham Kukillaya commented on HADOOP-10701:
---------------------------------------------------------

Here are the detailed steps to recreate this bug. FYI, we are using LDAP for storing the Unix ID and group, and the LDAP is integrated with the Hadoop cluster.
 
Preliminary steps
1. Created a group, say group1.
2. Created another group, say group2.
3. Created a user, say "pocuser", and associated it with group1 and group2 (now pocuser is associated with group1 and group2):
    uid=13500(pocuser) gid=3500(group1) groups=3500(group1),3600(group2)
4. Created an HDFS directory named data1 and assigned the ownership to hdfs:group1 with permission 770.
5. Created another HDFS directory, say data2, and assigned the ownership to hdfs:group2 with permission 770:
    drwxrwx---   - hdfs group1          0 2014-06-14 04:14 /data1
    drwxrwx---   - hdfs group2          0 2014-06-14 04:14 /data2
 
Steps to create bug
1) Now log in as "pocuser" on the machine where HDFS is mounted and type the command "id"; you will see that user "pocuser" is associated with two groups (group1 and group2):
    uid=13500(pocuser) gid=3500(group1) groups=3500(group1),3600(group2)

2) Execute "cd /hdfsmount; ls -ltra"; you will see that the permissions are reflected properly in the mounted file system:
    drwxrwx---.  2 hdfs group1       64 Jun 14 04:14 data1
    drwxrwx---.  2 hdfs group2       64 Jun 14 04:14 data2

3) Reconfirmed that user "pocuser" belongs to the two groups by executing the command "groups pocuser":
    pocuser : group1 group2

4) Now the user "pocuser" can access only data1 and NOT data2, as for some reason it ignores the secondary group while accessing the mounted file system and throws Permission denied:
    -sh-4.1$ cd data2
    -sh: cd: data2: Permission denied
    -sh-4.1$ cd data1
    -sh-4.1$

5) Now if you execute the command "newgrp group2", then the user can access data2 and not data1, as the primary group of the user "pocuser" is group2:
    newgrp group2
    cd data1
    cd: data1: Permission denied
    cd data2


> The bug is while accessing NFS Mounted File System the permission is  always validated based on the primary Unix group the user is associated with and Secondary Unix groups are ignored.
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10701
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10701
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: nfs
>         Environment: Linux  Redhat
>            Reporter: Premchandra Preetham Kukillaya
>         Attachments: Hadoop_NFS_BugCreation_Steps.docx
>
>




--
This message was sent by Atlassian JIRA
(v6.2#6252)
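
The access decisions reported in steps 4 and 5 above, modelled as an added example (not part of the original comment and not Hadoop code): a POSIX-style check against all of the caller's groups is compared with a check against the primary gid only, which is the behaviour the report describes. The uid and gid values for pocuser, group1 and group2 are those shown in the report; the uid for hdfs, the group list after newgrp, and all class and function names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cred:                      # what `id` prints for the caller
    uid: int
    gid: int                     # primary group
    groups: frozenset            # every group, primary included

@dataclass(frozen=True)
class Inode:
    owner: int
    group: int
    mode: int                    # permission bits, e.g. 0o770

X = 1                            # search (execute) bit needed by `cd`

def class_bits(cred, inode, in_group):
    # POSIX selects exactly one class: owner first, then group, then other.
    if cred.uid == inode.owner:
        return (inode.mode >> 6) & 7
    if in_group:
        return (inode.mode >> 3) & 7
    return inode.mode & 7

def allowed_posix(cred, inode, want=X):
    """Group class applies when the file's group is ANY of the caller's groups."""
    in_group = inode.group == cred.gid or inode.group in cred.groups
    return (class_bits(cred, inode, in_group) & want) == want

def allowed_primary_only(cred, inode, want=X):
    """Behaviour described in the report: only the primary gid is compared."""
    return (class_bits(cred, inode, inode.group == cred.gid) & want) == want

def wrongly_denied(cred, tree, want=X):
    """Entries a primary-only check denies although POSIX semantics allow them."""
    return sorted(name for name, inode in tree.items()
                  if allowed_posix(cred, inode, want)
                  and not allowed_primary_only(cred, inode, want))

HDFS_UID = 1000                  # assumption: the report does not show hdfs's uid
TREE = {"data1": Inode(HDFS_UID, 3500, 0o770),   # hdfs:group1 770
        "data2": Inode(HDFS_UID, 3600, 0o770)}   # hdfs:group2 770
POCUSER = Cred(13500, 3500, frozenset({3500, 3600}))       # `id` output in step 1
AFTER_NEWGRP = Cred(13500, 3600, frozenset({3500, 3600}))  # assumed `id` after newgrp

if __name__ == "__main__":
    print("pocuser:", wrongly_denied(POCUSER, TREE))            # ['data2']
    print("after newgrp:", wrongly_denied(AFTER_NEWGRP, TREE))  # ['data1']
```

Running the same comparison with the real `id` and `ls -l` values from an affected mount shows which directories should be reachable through a secondary group but are not.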