You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Erik Steffl (JIRA)" <ji...@apache.org> on 2010/07/17 00:24:51 UTC

[jira] Created: (HADOOP-6864) Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)

Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)
-------------------------------------------------------------------------------------------------------------------------

                 Key: HADOOP-6864
                 URL: https://issues.apache.org/jira/browse/HADOOP-6864
             Project: Hadoop Common
          Issue Type: Improvement
          Components: security
            Reporter: Erik Steffl
             Fix For: 0.22.0


The netgroups implementation of GroupMappingServiceProvider (see ShellBasedUnixGroupsNetgroupMapping.java) does a fork of a unix command to get the netgroups of a user. Since the group resolution happens in the servers, this might be costly. This jira aims at providing a JNI-based implementation for GroupMappingServiceProvider.

Note that this is similar to what https://issues.apache.org/jira/browse/HADOOP-6818 does for implementation of GroupMappingServiceProvider that  supports only unix groups.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (HADOOP-6864) Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)

Posted by "Erik Steffl (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HADOOP-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Erik Steffl updated HADOOP-6864:
--------------------------------

    Attachment: HADOOP-6864-0.20.1xx-1.patch

HADOOP-6864-0.20.1xx-1.patch addresses the comments in review.

Testing: since it depends on system setup it's not completely automatic, the way I tested it I created a copy of TestAccessControlList and set it up to use JniBasedUnixGroupsNetgroupMapping for group mapping and set up /etc/netgroup accordingly (essentially same as what ShellBasedUnixGroupsNetgroupMappingTestWrapper.java returns).

Note that /etc/nsswitch.conf must have line 'netgroup:       files' in it for the settings in /etc/netgroup to be used.

> Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6864
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6864
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Erik Steffl
>             Fix For: 0.22.0
>
>         Attachments: HADOOP-6864-0.20.1xx-1.patch, HADOOP-6864-0.20.1xx.patch
>
>
> The netgroups implementation of GroupMappingServiceProvider (see ShellBasedUnixGroupsNetgroupMapping.java) does a fork of a unix command to get the netgroups of a user. Since the group resolution happens in the servers, this might be costly. This jira aims at providing a JNI-based implementation for GroupMappingServiceProvider.
> Note that this is similar to what https://issues.apache.org/jira/browse/HADOOP-6818 does for implementation of GroupMappingServiceProvider that  supports only unix groups.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (HADOOP-6864) Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)

Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HADOOP-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12891703#action_12891703 ] 

Boris Shkolnik commented on HADOOP-6864:
----------------------------------------

1. put a comment before (and other places, including C code)
 users = getUsersForNetgroupJNI(netgroup.substring(1)); 
2. instead  Arrays.asList(new String[0]); - just construct an empty list.
3. Please put a disclaimer that JNI implementation returns only groups which appear in the ACL
4. synchronize excess to the JNI functionality
5. Please test valid and invalid cases (empty or non-existing groups)..
6. Please test again :)

otherwise +1



> Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6864
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6864
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Erik Steffl
>             Fix For: 0.22.0
>
>         Attachments: HADOOP-6864-0.20.1xx.patch
>
>
> The netgroups implementation of GroupMappingServiceProvider (see ShellBasedUnixGroupsNetgroupMapping.java) does a fork of a unix command to get the netgroups of a user. Since the group resolution happens in the servers, this might be costly. This jira aims at providing a JNI-based implementation for GroupMappingServiceProvider.
> Note that this is similar to what https://issues.apache.org/jira/browse/HADOOP-6818 does for implementation of GroupMappingServiceProvider that  supports only unix groups.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (HADOOP-6864) Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)

Posted by "Erik Steffl (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/HADOOP-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Erik Steffl updated HADOOP-6864:
--------------------------------

    Attachment: HADOOP-6864-0.20.1xx.patch

> Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6864
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6864
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Erik Steffl
>             Fix For: 0.22.0
>
>         Attachments: HADOOP-6864-0.20.1xx.patch
>
>
> The netgroups implementation of GroupMappingServiceProvider (see ShellBasedUnixGroupsNetgroupMapping.java) does a fork of a unix command to get the netgroups of a user. Since the group resolution happens in the servers, this might be costly. This jira aims at providing a JNI-based implementation for GroupMappingServiceProvider.
> Note that this is similar to what https://issues.apache.org/jira/browse/HADOOP-6818 does for implementation of GroupMappingServiceProvider that  supports only unix groups.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (HADOOP-6864) Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)

Posted by "Erik Steffl (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HADOOP-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12890896#action_12890896 ] 

Erik Steffl commented on HADOOP-6864:
-------------------------------------

JNA is licenced under Lesser General Public License (LGPL v. 2.1) which is not allowed to be used in Apache projects, see http://www.apache.org/legal/resolved.html

> Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6864
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6864
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Erik Steffl
>             Fix For: 0.22.0
>
>
> The netgroups implementation of GroupMappingServiceProvider (see ShellBasedUnixGroupsNetgroupMapping.java) does a fork of a unix command to get the netgroups of a user. Since the group resolution happens in the servers, this might be costly. This jira aims at providing a JNI-based implementation for GroupMappingServiceProvider.
> Note that this is similar to what https://issues.apache.org/jira/browse/HADOOP-6818 does for implementation of GroupMappingServiceProvider that  supports only unix groups.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (HADOOP-6864) Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)

Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/HADOOP-6864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12889374#action_12889374 ] 

Boris Shkolnik commented on HADOOP-6864:
----------------------------------------

please review the possibility of using JNA instead of JNI (https://jna.dev.java.net/).

> Provide a JNI-based implementation of ShellBasedUnixGroupsNetgroupMapping (implementation of GroupMappingServiceProvider)
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6864
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6864
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Erik Steffl
>             Fix For: 0.22.0
>
>
> The netgroups implementation of GroupMappingServiceProvider (see ShellBasedUnixGroupsNetgroupMapping.java) does a fork of a unix command to get the netgroups of a user. Since the group resolution happens in the servers, this might be costly. This jira aims at providing a JNI-based implementation for GroupMappingServiceProvider.
> Note that this is similar to what https://issues.apache.org/jira/browse/HADOOP-6818 does for implementation of GroupMappingServiceProvider that  supports only unix groups.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.