[HADOOP-10851] NetgroupCache does not remove group memberships - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4.1
Fix Version/s: 2.6.0
Component/s: security
Labels:
None

Target Version/s:

2.6.0
Hadoop Flags:

Reviewed

Description

NetgroupCache is used by GroupMappingServiceProvider implementations based on net groups.
But it has a serious flaw in that once a user to group membership is established, it remains forever even if user is actually removed from the netgroup and cache is cleared. It is cleared only if the server is restarted.

To reproduce this:

Cache a group with a set of users.
Test membership correctness.
Clear cache, remove a user from the group and cache the group again
Expected result : user’s groups should not include the group from which he/she is removed.
Actual result : user’s groups includes the group from which he/she was removed.

It is also noted that NetgroupCache has concurrency issues and a separate jira is filed to rectify them.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-10851.patch
16/Jul/14 19:17
6 kB
Benoy Antony

Issue Links

is required by

HADOOP-10852 NetgroupCache is not thread-safe

Closed

Activity

People

Assignee:: Benoy Antony

Reporter:: Benoy Antony

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Jul/14 19:14

Updated:: 01/Dec/14 03:09

Resolved:: 12/Aug/14 22:33