Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-8712. Change default hadoop.security.group.mapping to JniBasedUnixGroupsNetgroupMappingWithFallback. Contributed by Robert Parker. 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1433624 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Todd Lipcon 2013-01-15 20:43:32 +00:00
parent 2cee917f53
commit 347cf6e176
3 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -436,6 +436,9 @@ Release 2.0.3-alpha - Unreleased
HADOOP-9192. Move token related request/response messages to common. HADOOP-9192. Move token related request/response messages to common.
(suresh) (suresh)
HADOOP-8712. Change default hadoop.security.group.mapping to
JniBasedUnixGroupsNetgroupMappingWithFallback (Robert Parker via todd)
OPTIMIZATIONS OPTIMIZATIONS
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang

12
hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
View File

@ -80,9 +80,17 @@
<property> <property>
<name>hadoop.security.group.mapping</name> <name>hadoop.security.group.mapping</name>
<value>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</value> <value>org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback</value>
<description> <description>
Class for user to group mapping (get groups for a given user) for ACL Class for user to group mapping (get groups for a given user) for ACL.
The default implementation,
org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback,
will determine if the Java Native Interface (JNI) is available. If JNI is
available the implementation will use the API within hadoop to resolve a
list of groups for a user. If JNI is not available then the shell
implementation, ShellBasedUnixGroupsMapping, is used. This implementation
shells out to the Linux/Unix environment with the
<code>bash -c groups</code> command to resolve a list of groups for a user.
</description> </description>
</property> </property>

9
hadoop-hdfs-project/hadoop-hdfs/src/main/docs/src/documentation/content/xdocs/hdfs_permissions_guide.xml
View File

@ -92,10 +92,11 @@ There is no provision within HDFS for creating user identities, establishing gro
<section><title>Group Mapping</title> <section><title>Group Mapping</title>
<p> <p>
Once a username has been determined as described above, the list of groups is determined by a <em>group mapping Once a username has been determined as described above, the list of groups is
service</em>, configured by the <code>hadoop.security.group.mapping</code> property. determined by a <em>group mapping service</em>, configured by the
The default implementation, <code>org.apache.hadoop.security.ShellBasedUnixGroupsMapping</code>, will shell out <code>hadoop.security.group.mapping</code> property. Refer to the
to the Unix <code>bash -c groups</code> command to resolve a list of groups for a user. core-default.xml for details of the <code>hadoop.security.group.mapping</code>
implementation.
</p> </p>
<p> <p>
An alternate implementation, which connects directly to an LDAP server to resolve the list of groups, is available An alternate implementation, which connects directly to an LDAP server to resolve the list of groups, is available