diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index adca2c59bf5..92a15208692 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -717,6 +717,9 @@ Release 2.6.0 - UNRELEASED HDFS-7140. Add a tool to list all the existing block storage policies. (jing9) + HDFS-6664. HDFS permissions guide documentation states incorrect default + group mapping class. (Ray Chiang via aw) + Release 2.5.1 - 2014-09-05 INCOMPATIBLE CHANGES diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/site/apt/HdfsPermissionsGuide.apt.vm b/hadoop-hdfs-project/hadoop-hdfs/src/site/apt/HdfsPermissionsGuide.apt.vm index f9aac0bf6c0..30119a6093a 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/site/apt/HdfsPermissionsGuide.apt.vm +++ b/hadoop-hdfs-project/hadoop-hdfs/src/site/apt/HdfsPermissionsGuide.apt.vm @@ -99,9 +99,16 @@ HDFS Permissions Guide Once a username has been determined as described above, the list of groups is determined by a group mapping service, configured by the hadoop.security.group.mapping property. The default implementation, - org.apache.hadoop.security.ShellBasedUnixGroupsMapping, will shell out - to the Unix bash -c groups command to resolve a list of groups for a - user. + org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback, + will determine if the Java Native Interface (JNI) is available. If + JNI is available, the implementation will use the API within hadoop + to resolve a list of groups for a user. If JNI is not available + then the shell implementation, + org.apache.hadoop.security.ShellBasedUnixGroupsMapping, is used. + This implementation shells out with the <<>> + command (for a Linux/Unix environment) or the <<>> + command (for a Windows environment) to resolve a list of groups for + a user. An alternate implementation, which connects directly to an LDAP server to resolve the list of groups, is available via