Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.0.3-alpha, 0.23.7, 3.0.0-alpha1
-
None
-
None
-
None
Description
NetgroupCache is used to get around the problem of inability to obtain a single user-to-groups mapping from netgroup. For example, the ACL code pre-populates this cache, so that any user-group mapping can be resolved for all groups defined in the service.
However, the current refresh code only adds users to existing groups, so a loss of group membership won't take effect. This is because the internal user-groups mapping cache is never invalidated. If this is simply invalidated on clear(), the cache entries will build up correctly, but user-group resolution may fail during refresh, resulting in incorrectly denying accesses.
Attachments
Attachments
Issue Links
- is depended upon by
-
HADOOP-9200 enhance unit-test coverage of class org.apache.hadoop.security.NetgroupCache
- Patch Available