hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Devaraj Das (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1455) Authorization for servlets
Date Tue, 16 Feb 2010 03:30:28 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12834056#action_12834056

Devaraj Das commented on MAPREDUCE-1455:

bq. 3) As tasktracker doesn't have the job ACLs, when any one tries to access task logs of
a job, I propose we store the job ACLs in a file say job-acls.xml) when task log files are
created by taskTracker. And tasktracker will read this job-acls.xml when somebody tries to
access task logs using web UI and does the authorization. I guess job-acls.xml can contain
only the 2 config properties mapreduce.job.user.name and mapreduce.job.acl-view-job.

Does it make sense to have the info in the log.info file that is already there in the task
logs directory?

> Authorization for servlets
> --------------------------
>                 Key: MAPREDUCE-1455
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1455
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: jobtracker, security, tasktracker
>            Reporter: Devaraj Das
>            Assignee: Ravi Gummadi
>             Fix For: 0.22.0
> This jira is about building the authorization for servlets (on top of MAPREDUCE-1307).
That is, the JobTracker/TaskTracker runs authorization checks on web requests based on the
configured job permissions. For e.g., if the job permission is 600, then no one except the
authenticated user can look at the job details via the browser. The authenticated user in
the servlet can be obtained using the HttpServletRequest method.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message