[HDFS-3624] fuse_dfs: improve user and group translation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 2.0.0-alpha
Fix Version/s: None
Component/s: fuse-dfs
Labels:
None

Target Version/s:

Description

In fuse_dfs, we should translate HDFS unknown user names to the UNIX UID or GID for 'nobody' or 'nogroup' by default. This should also be configurable for systems that want to use a different UID for this purpose. (Currently we hard code this as UID 99).

Similarly, 'superuser' should be translated to 'root', and this translation should also be made configurable.

fuse_dfs should not do its own permission checks, but instead rely on the Java code to do this. Trying to use the translated UIDs and GIDs for permission checking (which is what FUSE does when you enable default_permissions) leads to problems.

Finally, the HDFS user name to UID mapping should be cached for a short amount of time, rather than queried multiple times during every operation. It changes extremely infrequently.

Another related issue is that we currently don't let the HDFS superuser do the things that root is supposed to be able to do on a filesystem, like change the ownership of files. The HDFS superuser should be treated as root on the FUSE filesystem, just like he is on HDFS.

Attachments

Issue Links

is related to

HDFS-3271 src/fuse_users.c: use re-entrant versions of getpwuid, getgid, etc

Open

relates to

HDFS-3568 fuse_dfs: add support for security

Closed

Activity

People

Assignee:: Colin McCabe

Reporter:: Colin McCabe

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Jul/12 05:53

Updated:: 07/Sep/12 21:09