hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luke Lu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-3470) Jobtracker sets permissions on mapred.system.dir to 700 preventing non-superusers from submitting jobs to multi-user cluster
Date Sat, 20 Oct 2012 09:32:13 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-3470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13480678#comment-13480678
] 

Luke Lu commented on MAPREDUCE-3470:
------------------------------------

You must be using fairscheduler? If so the problem is resolved by MAPREDUCE-4451 (yes it affects
non-kerberos config as well).
                
> Jobtracker sets permissions on mapred.system.dir to 700 preventing non-superusers from
submitting jobs to multi-user cluster
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-3470
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-3470
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: jobtracker
>    Affects Versions: 0.20.205.0, 1.0.0
>         Environment: Debian 6.0 x64_64
> java version "1.6.0_26"
> Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
> Java HotSpot(TM) 64-Bit Server VM (build 20.1-b02, mixed mode)
>            Reporter: stephen mulcahy
>
> (See thread discussing here - https://mail-archives.apache.org/mod_mbox/hadoop-common-user/201111.mbox/%3C4EBAC2B3.6090806@deri.org%3E)
> I have installed a hadoop 0.20.205.0 cluster for use by multiple users, each of which
will submit their jobs from remote client systems. I have disabled security
> <property>
>   <name>hadoop.security.authorization</name>
>   <value>false</value>
> </property>
> <property>
>   <name>hadoop.security.authentication</name>
>   <value>simple</value>
> </property> 
> When a user other than super-user attempts to submit a job, they get the following error
> 11/11/09 16:32:53 INFO mapred.FileInputFormat: Total input paths to process : 2
> 11/11/09 16:32:53 INFO mapred.JobClient: Running job: job_201111091731_0003
> 11/11/09 16:32:54 INFO mapred.JobClient:  map 0% reduce 0%
> 11/11/09 16:32:54 INFO mapred.JobClient: Job complete: job_201111091731_0003
> 11/11/09 16:32:54 INFO mapred.JobClient: Counters: 0
> 11/11/09 16:32:54 INFO mapred.JobClient: Job Failed: Job initialization failed:
> org.apache.hadoop.security.AccessControlException: org.apache.hadoop.security.AccessControlException:
Permission denied: user=smulcahy, access=EXECUTE, inode="system":hadoop:supergroup:rwx------
> ..... 
> which seems to be due to not being able to create a jobToken file in <mapred.system.dir>/<job
id>/jobToken 
> I can reset the permissions on mapred.system.dir to something like 777 but when I restart
the jobtracker, it resets the permissions back to 700, requiring another permissions reset.
> This gives rise to a few questions,
> 1. Should I be able to use a hadoop cluster in this fashion or is this not supported
(if not, supported, I guess close this bug as invalid). If it is not supported, it reduces
the usability of hadoop for a class of users like myself (but maybe thats a small class).
> 2. If I should be able to use the cluster like this, should <mapred.system.dir>/<job
id>/jobToken need to be created if security is disabled? If no, then I guess is the bug
that needs to be fixed. If yes, then the jobtracker needs to be modified to allow everyone
to create dirs in mapred.system.dir (or the method of creation of the jobToken file needs
to be changed).
> Apologies if this was operator error but I didn't get much feedback on the mailing lists
so not sure where/how else to raise this.
> Changed introduced in MAPREDUCE-2219

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message