You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Arpit Agarwal (JIRA)" <ji...@apache.org> on 2014/05/06 23:02:24 UTC
[jira] [Comment Edited] (HADOOP-10467) Enable proxyuser
specification to support list of users in addition to list of groups.
[ https://issues.apache.org/jira/browse/HADOOP-10467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13991127#comment-13991127 ]
Arpit Agarwal edited comment on HADOOP-10467 at 5/6/14 9:00 PM:
----------------------------------------------------------------
My comments, mostly documentation and coding style.
# SecureMode.apt.vm: I think the following sentence is not quite accurate.
{code}
You can configure proxy user using properties
<<<hadoop.proxyuser.${superuser}.hosts>>> , <<<hadoop.proxyuser.${superuser}.groups>>>
and <<<hadoop.proxyuser.${superuser}.users>>>.
{code}
Instead it should be
{code}
You can configure proxy user using properties
<<<hadoop.proxyuser.${superuser}.hosts>>> along with either or both of <<<hadoop.proxyuser.${superuser}.groups>>>
and <<<hadoop.proxyuser.${superuser}.users>>>.
{code}
What do you think?
# SecureMode.apt.vm: could you also add an example for {{hadoop.proxyuser.oozie.users}}?
# SecureMode.apt.vm: obsolete text?
{code}
It is possible to specify list of users and groups
using the property <<<hadoop.proxyuser.${superuser}.usergroups>>>.
The syntax is user1,user2SPACEgroup1,group2
{code}
# Coding convention is not followed consistently in ProxyUsers.java. e.g. need space after )
{code}
if (!userAuthorized){
{code}
# Unnecessary edit to comment in {{refreshSuperUserGroupsConfiguration}}. I guess it was relevant in the earlier version of the patch.
# Comments in {{testWildcardUser}} should probably say 'user' instead of 'group'?
Looks fine otherwise.
was (Author: arpitagarwal):
My comments, mostly documentation and coding style.
# SecureMode.apt.vm: I think the following sentence is not quite accurate.
{code}
You can configure proxy user using properties
<<<hadoop.proxyuser.${superuser}.hosts>>> , <<<hadoop.proxyuser.${superuser}.groups>>>
and <<<hadoop.proxyuser.${superuser}.users>>>.
{code}
Instead it should be
{code}
You can configure proxy user using properties
<<<hadoop.proxyuser.${superuser}.hosts>>> along with either <<<hadoop.proxyuser.${superuser}.groups>>>
or <<<hadoop.proxyuser.${superuser}.users>>>.
{code}
What do you think?
# SecureMode.apt.vm: could you also add an example for {{hadoop.proxyuser.oozie.users}}?
# SecureMode.apt.vm: obsolete text?
{code}
It is possible to specify list of users and groups
using the property <<<hadoop.proxyuser.${superuser}.usergroups>>>.
The syntax is user1,user2SPACEgroup1,group2
{code}
# Coding convention is not followed consistently in ProxyUsers.java. e.g. need space after )
{code}
if (!userAuthorized){
{code}
# Unnecessary edit to comment in {{refreshSuperUserGroupsConfiguration}}. I guess it was relevant in the earlier version of the patch.
# Comments in {{testWildcardUser}} should probably say 'user' instead of 'group'?
Looks fine otherwise.
> Enable proxyuser specification to support list of users in addition to list of groups.
> --------------------------------------------------------------------------------------
>
> Key: HADOOP-10467
> URL: https://issues.apache.org/jira/browse/HADOOP-10467
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HADOOP-10467.patch, HADOOP-10467.patch, HADOOP-10467.patch, HADOOP-10467.patch, HADOOP-10467.patch, HADOOP-10467.patch, HADOOP-10467.patch
>
>
> Today , the proxy user specification supports only list of groups. In some cases, it is useful to specify the list of users in addition to list of groups.
--
This message was sent by Atlassian JIRA
(v6.2#6252)