From 3a1f981686835f64df4498f93dae73fde3f2c7a8 Mon Sep 17 00:00:00 2001 From: Allen Wittenauer Date: Fri, 26 Sep 2014 12:20:40 -0700 Subject: [PATCH] HDFS-6664. HDFS permissions guide documentation states incorrect default group mapping class. (Ray Chiang via aw) --- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++ .../src/site/apt/HdfsPermissionsGuide.apt.vm | 13 ++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index 1297bc9acd5..0524cf0e227 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -972,6 +972,9 @@ Release 2.6.0 - UNRELEASED HDFS-7140. Add a tool to list all the existing block storage policies. (jing9) + HDFS-6664. HDFS permissions guide documentation states incorrect default + group mapping class. (Ray Chiang via aw) + Release 2.5.1 - 2014-09-05 INCOMPATIBLE CHANGES diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/site/apt/HdfsPermissionsGuide.apt.vm b/hadoop-hdfs-project/hadoop-hdfs/src/site/apt/HdfsPermissionsGuide.apt.vm index f9aac0bf6c0..30119a6093a 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/site/apt/HdfsPermissionsGuide.apt.vm +++ b/hadoop-hdfs-project/hadoop-hdfs/src/site/apt/HdfsPermissionsGuide.apt.vm @@ -99,9 +99,16 @@ HDFS Permissions Guide Once a username has been determined as described above, the list of groups is determined by a group mapping service, configured by the hadoop.security.group.mapping property. The default implementation, - org.apache.hadoop.security.ShellBasedUnixGroupsMapping, will shell out - to the Unix bash -c groups command to resolve a list of groups for a - user. + org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback, + will determine if the Java Native Interface (JNI) is available. If + JNI is available, the implementation will use the API within hadoop + to resolve a list of groups for a user. If JNI is not available + then the shell implementation, + org.apache.hadoop.security.ShellBasedUnixGroupsMapping, is used. + This implementation shells out with the <<>> + command (for a Linux/Unix environment) or the <<>> + command (for a Windows environment) to resolve a list of groups for + a user. An alternate implementation, which connects directly to an LDAP server to resolve the list of groups, is available via