You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-dev@hadoop.apache.org by lohit <lo...@gmail.com> on 2014/01/13 21:34:10 UTC

ViewFileSystem default ugi on mount point

Hi Devs,

ViewFileSystem by default tries to populate ugi information of mount point
based on the user who is running the command. For example if I execute
'hadoop fs -ls /' on '/' which happens to be a ViewFileSystem mountpoint,
then all mountpoint under '/' would who the permission and owner as 'lohit'

For example this check is coming from ViewFileSystem.java.

public FileStatus getFileStatus(Path f) throws IOException {
      checkPathIsSlash(f);
      return new FileStatus(0, true, 0, 0, creationTime, creationTime,
          PERMISSION_RRR, ugi.getUserName(), ugi.getGroupNames()[0],

          new Path(theInternalDir.fullPath).makeQualified(
              myUri, null));



In our clusters we do not create user accounts on worker nodes. Now if any
Map or Reduce code does getFileStatus on mountpoint they fail when it tries
to fetch ugi.getGroupNames()[0] with NPE. One option we are thinking is to
populate this with 'nobody':'nogroup' kind of string if we cannot resolve
to user/group name instead of failing with NPE. What do you guys think
about this approach. Any other ideas/suggestion?

-- 
Have a Nice Day!
Lohit

Re: ViewFileSystem default ugi on mount point

Posted by Juan Carlos <jc...@redoop.org>.

What about setting a ldap to have centralized user accounts?


2014/1/13 lohit <lo...@gmail.com>

> Hi Devs,
>
> ViewFileSystem by default tries to populate ugi information of mount point
> based on the user who is running the command. For example if I execute
> 'hadoop fs -ls /' on '/' which happens to be a ViewFileSystem mountpoint,
> then all mountpoint under '/' would who the permission and owner as 'lohit'
>
> For example this check is coming from ViewFileSystem.java.
>
> public FileStatus getFileStatus(Path f) throws IOException {
>       checkPathIsSlash(f);
>       return new FileStatus(0, true, 0, 0, creationTime, creationTime,
>           PERMISSION_RRR, ugi.getUserName(), ugi.getGroupNames()[0],
>
>           new Path(theInternalDir.fullPath).makeQualified(
>               myUri, null));
>
>
>
> In our clusters we do not create user accounts on worker nodes. Now if any
> Map or Reduce code does getFileStatus on mountpoint they fail when it tries
> to fetch ugi.getGroupNames()[0] with NPE. One option we are thinking is to
> populate this with 'nobody':'nogroup' kind of string if we cannot resolve
> to user/group name instead of failing with NPE. What do you guys think
> about this approach. Any other ideas/suggestion?
>
> --
> Have a Nice Day!
> Lohit
>