hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ravi Gummadi (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1664) Job Acls affect Queue Acls
Date Tue, 18 May 2010 17:50:44 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12868760#action_12868760
] 

Ravi Gummadi commented on MAPREDUCE-1664:
-----------------------------------------

Access to task logs is given to the administrators of the queue only as they should have access
to everything on the jobs of the queue. No ?
So the users part of the queue ACL acl-administer-jobs will be able to "view job details"
in addition to the allowed operations SET_JOB_PRIORITY, KILL_TASK, KILL_JOB.

> Job Acls affect Queue Acls
> --------------------------
>
>                 Key: MAPREDUCE-1664
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1664
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.22.0
>            Reporter: Ravi Gummadi
>            Assignee: Ravi Gummadi
>             Fix For: 0.22.0
>
>         Attachments: 1664.20S.3.4.patch, 1664.qAdminsJobView.20S.v1.6.patch, M1664y20s-testfix.patch,
mr-1664-20-bugfix.patch
>
>
> MAPREDUCE-1307 introduced job ACLs for securing job level operations. So in current trunk,
queue ACLs and job ACLs are checked(with AND for both acls) for allowing job level operations.
So for doing operations like killJob, killTask and setJobPriority user should be part of both
mapred.queue.{queuename}.acl-administer-jobs and in mapreduce.job.acl-modify-job. This needs
to change so that users who are part of mapred.queue.{queuename}.acl-administer-jobs will
be able to do killJob,killTask,setJobPriority and users part of mapreduce.job.acl-modify-job
will be able to do killJob,killTask,setJobPriority.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message