hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vinod Kumar Vavilapalli (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-5210) Job submission has strict permission validation
Date Mon, 06 May 2013 18:10:16 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-5210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13649933#comment-13649933
] 

Vinod Kumar Vavilapalli commented on MAPREDUCE-5210:
----------------------------------------------------

bq. For file systems such as S3, which do not have permission concept
Interesting. Seems like there is some kind of password based protection i.e. only auth and
no authz for S3, but S3FileSystem isn't supporting any of that. We can definitely abstract
this check out, and as much as I hate it, put in specific checks for S3FileSystem. Ideally,
FileSystem should have an API to check ownership.
                
> Job submission has strict permission validation
> -----------------------------------------------
>
>                 Key: MAPREDUCE-5210
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-5210
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>            Reporter: Amareshwari Sriramadasu
>            Assignee: samar
>
> The following code in JobSubmissionFiles.java mandates strict permission on job submission
:
> {noformat}
>     if (fs.exists(stagingArea)) {
>       FileStatus fsStatus = fs.getFileStatus(stagingArea);
>       String owner = fsStatus.getOwner();
>       if (!(owner.equals(currentUser) || owner.equals(realUser))) {
>          throw new IOException("The ownership on the staging directory " +
>                       stagingArea + " is not as expected. " + 
>                       "It is owned by " + owner + ". The directory must " +
>                       "be owned by the submitter " + currentUser + " or " +
>                       "by " + realUser);
>       }
> {noformat}
> For file systems such as S3, which do not have permission concept, user can never submit
a job with staging area in S3. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message