Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-5471

CacheAdmin -listPools fails when user lacks permissions to view all pools

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 2.3.0
    • Component/s: tools
    • Labels:
      None
    • Target Version/s:

      Description

      When a user does not have read permissions to a cache pool and executes "hdfs cacheadmin -listPools" the command will error complaining about missing required fields with something like:

      [schu@hdfs-nfs ~]$ hdfs cacheadmin -listPools
      Exception in thread "main" org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.ipc.RemoteException): Message missing required fields: ownerName, groupName, mode, weight
      	at com.google.protobuf.AbstractMessage$Builder.newUninitializedMessageException(AbstractMessage.java:770)
      	at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ListCachePoolsResponseElementProto$Builder.build(ClientNamenodeProtocolProtos.java:51722)
      	at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.listCachePools(ClientNamenodeProtocolServerSideTranslatorPB.java:1200)
      	at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
      	at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:605)
      	at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:932)
      	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2057)
      	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2053)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at javax.security.auth.Subject.doAs(Subject.java:396)
      	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1515)
      	at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2051)
      
      	at org.apache.hadoop.hdfs.tools.CacheAdmin$ListCachePoolsCommand.run(CacheAdmin.java:675)
      	at org.apache.hadoop.hdfs.tools.CacheAdmin.run(CacheAdmin.java:85)
      	at org.apache.hadoop.hdfs.tools.CacheAdmin.main(CacheAdmin.java:90)
      [schu@hdfs-nfs ~]$ 
      

      In this example, the pool "root" has 750 permissions, and the root superuser is able to successfully -listPools:

      [root@hdfs-nfs ~]# hdfs cacheadmin -listPools
      Found 4 results.
      NAME  OWNER  GROUP  MODE       WEIGHT 
      bar   root   root   rwxr-xr-x  100    
      foo   root   root   rwxr-xr-x  100    
      root  root   root   rwxr-x---  100    
      schu  root   root   rwxr-xr-x  100    
      [root@hdfs-nfs ~]# 
      

      When we modify the root pool to mode 755, schu user can now -listPools successfully without error.

      [schu@hdfs-nfs ~]$ hdfs cacheadmin -listPools
      Found 4 results.
      NAME  OWNER  GROUP  MODE       WEIGHT 
      bar   root   root   rwxr-xr-x  100    
      foo   root   root   rwxr-xr-x  100    
      root  root   root   rwxr-xr-x  100    
      schu  root   root   rwxr-xr-x  100    
      [schu@hdfs-nfs ~]$ 
      
      1. hdfs-5471-3.patch
        42 kB
        Andrew Wang
      2. hdfs-5471-2.patch
        41 kB
        Andrew Wang
      3. hdfs-5471-1.patch
        41 kB
        Andrew Wang

        Activity

          People

          • Assignee:
            Andrew Wang
            Reporter:
            Stephen Chu
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development