Description
Tested with security on, no filters defined for httpserver, and job ACLs set so that only I could view/modify the job. Then went to the web UI of the app master and job history server, and both allowed me to view the job details. The web UI shows the user "webuser". The RM properly rejected my request, although it was using user "Dr.Who".
The exception shown in the log is:
11/11/16 18:58:53 INFO mapred.JobACLsManager: job checkAccess user is: webuser
11/11/16 18:58:53 WARN security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user webuser
org.apache.hadoop.util.Shell$ExitCodeException: id: webuser: No such user
    at org.apache.hadoop.util.Shell.runCommand(Shell.java:261)
    at org.apache.hadoop.util.Shell.run(Shell.java:188)
    at org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:381)
    at org.apache.hadoop.util.Shell.execCommand(Shell.java:467)
    at org.apache.hadoop.util.Shell.execCommand(Shell.java:450)
    at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:86)
    at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:55)
    at org.apache.hadoop.security.Groups.getGroups(Groups.java:88)
    at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1043)
    at org.apache.hadoop.security.authorize.AccessControlList.isUserAllowed(AccessControlList.java:221)
    at org.apache.hadoop.mapred.JobACLsManager.checkAccess(JobACLsManager.java:103)
    at org.apache.hadoop.mapreduce.v2.hs.CompletedJob.checkAccess(CompletedJob.java:325)
    at org.apache.hadoop.mapreduce.v2.app.webapp.AppController.checkAccess(AppController.java:292)
    at org.apache.hadoop.mapreduce.v2.app.webapp.AppController.requireJob(AppController.java:313)
    at org.apache.hadoop.mapreduce.v2.app.webapp.AppController.job(AppController.java:97)
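
Added example, not part of the original report or of Hadoop's code: a log audit that pairs each `JobACLsManager` "checkAccess user is" line with a later group-lookup failure for the same user, so job ACL checks evaluated against a placeholder web identity stand out. It assumes the two log line formats quoted above; the function names, the placeholder set and the sample log are constructed for illustration.

```python
import re

# Constructed sample, modelled on the log lines quoted in the report.
SAMPLE_LOG = """\
11/11/16 18:58:53 INFO mapred.JobACLsManager: job checkAccess user is: webuser
11/11/16 18:58:53 WARN security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user webuser
org.apache.hadoop.util.Shell$ExitCodeException: id: webuser: No such user
11/11/16 19:02:10 INFO mapred.JobACLsManager: job checkAccess user is: alice
"""

# Line formats are assumed to match the two messages shown in the report.
CHECK_RE = re.compile(
    r"^(\S+ \S+) INFO mapred\.JobACLsManager: job checkAccess user is: (\S+)")
GROUP_FAIL_RE = re.compile(
    r"WARN security\.ShellBasedUnixGroupsMapping: "
    r"got exception trying to get groups for user (\S+)")

# Identities the report saw on unauthenticated web requests (lower-cased).
PLACEHOLDER_USERS = {"webuser", "dr.who"}


def audit_access_checks(log_text):
    """Return one record per ACL check, noting whether the checked user is a
    placeholder identity and whether its OS group lookup failed afterwards."""
    findings = []
    latest_by_user = {}
    for line in log_text.splitlines():
        check = CHECK_RE.match(line)
        if check:
            timestamp, user = check.groups()
            record = {
                "time": timestamp,
                "user": user,
                "placeholder": user.lower() in PLACEHOLDER_USERS,
                "group_lookup_failed": False,
            }
            findings.append(record)
            latest_by_user[user] = record
            continue
        failure = GROUP_FAIL_RE.search(line)
        if failure and failure.group(1) in latest_by_user:
            latest_by_user[failure.group(1)]["group_lookup_failed"] = True
    return findings


def suspicious(findings):
    """ACL checks made for a placeholder or unresolvable user."""
    return [f for f in findings if f["placeholder"] or f["group_lookup_failed"]]
```

Any record returned by `suspicious()` marks a request whose job ACL check ran against an identity that is not a real cluster user, which is the condition described in the report.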