hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vinod K V (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1307) Introduce the concept of Job Permissions
Date Tue, 09 Feb 2010 10:35:28 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12831402#action_12831402

Vinod K V commented on MAPREDUCE-1307:

OK.. I am going ahead with ACLs for job permissions. Here's the proposal:

Users can interact with their jobs via mapred commands, JT RPCs, JT web UI and TT web UI.
This issue only handles the authorization of RPCs and hence the command-line clients. Authorization
for web UI will be addressed by MAPREDUCE-1455.

h4. Per-job ACLs can be set by job in JobConf during the submission.
 - As of now, we will only have two per-job ACLs
    -- mapreduce.job.acl-modify-job
    -- mapreduce.job.acl-view-job
 - Job owner has the authorization to do _anything_ with the job irrespective of the configured
 - superuser(the user who starts the mapred cluster) and members of supergroup(configured
on JT via mapred.permissions.supergroup) have the authorization to do _anything_ with the
job irrespective of the configured ACLs.

h4. mapreduce.job.acl-modify-job
 - This guards *all* the modifications w.r.t a job. This takes care of all the following operations
that come under this category:
    -- killing a job
    -- killing a task of a job, failing a task of a job
    -- setting the priority of a job
 - Each of these operations are also guarded by the per-queue level ACL "acl-administer-jobs".
So a caller(other than the job-owner and the superuser/supergroup) should have the authorization
to satisfy both the queue-level ACL and then the job-level ACL.

h4. mapreduce.job.acl-view-job
 - This guards *some* of the job-views
 - For now, we *only* protect APIs that can return possibly sensitive information of the job-owner
    -- job-level counters
    -- task-level counters
    -- task-logs displayed by TT UI and
    -- job.xml showed by JT UI
(The last twowill be handled by MAPREDUCE-1455).
 - The above means every other piece information of jobs is still accessible by any other
user, for e.g., JobStatus, JobProfile, list of jobs in the queue, etc.

> Introduce the concept of Job Permissions
> ----------------------------------------
>                 Key: MAPREDUCE-1307
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1307
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Devaraj Das
>             Fix For: 0.22.0
>         Attachments: 1307-early-1.patch
> It would be good to define the notion of job permissions analogous to file permissions.
Then the JobTracker can restrict who can "read" (e.g. look at the job page) or "modify" (e.g.
kill) jobs.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message