Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.3.0
-
None
-
None
-
None
-
Kerberized
Description
Looking at the Hadoop source code, there are a few places where the code assumes the user name can be acquired from Java's system property user.name.
For example,
/** Return the current user's home directory in this FileSystem. * The default implementation returns {@code "/user/$USER/"}. */ public Path getHomeDirectory() { return this.makeQualified( new Path(USER_HOME_PREFIX + "/" + System.getProperty("user.name"))); }
This is incorrect, as in a Kerberized environment, a user may login as a user principal different from its system login account.
It would be better to use UserGroupInformation.getCurrentUser().getShortUserName(), similar to HDFS-12485.
Unfortunately, I am seeing this improper use in Yarn, HDFS federation SFTPFilesystem and Ozone code (tests are ignored)
The impact should be small, since it only affects the case where system is Kerberized and that the user principal is different from system login account.
Attachments
Attachments
Issue Links
- relates to
-
HADOOP-16026 Replace incorrect use of system property user.name
- Resolved
-
HDDS-957 Replace incorrect use of system property user.name
- Resolved
-
YARN-9171 Replace incorrect use of system property user.name
- Resolved