hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Hung (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MAPREDUCE-6860) User intermediate-done-dir permissions should use history file permissions configuration
Date Wed, 08 Mar 2017 02:38:38 GMT

     [ https://issues.apache.org/jira/browse/MAPREDUCE-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jonathan Hung updated MAPREDUCE-6860:
-------------------------------------
    Description: 
Currently {{JobHistoryEventHandler}} creates the user intermediate-done-dir directory here:
{noformat}      doneDirPrefixPath =
          FileContext.getFileContext(conf).makeQualified(new Path(userDoneDirStr));
      mkdir(doneDirFS, doneDirPrefixPath, new FsPermission(
          JobHistoryUtils.HISTORY_INTERMEDIATE_USER_DIR_PERMISSIONS));{noformat} which is
hardcoded to 770. But the summary, history, and conf files under this user dir are configurable
via {{mapreduce.jobhistory.intermediate-done-dir.file.permission}}. So if the configured permissions
has  read/write/execute permissions for "other" users, they will still not have access to
these files due to the 770 permission on the user dir.

I see two options here:
# Reuse {{mapreduce.jobhistory.intermediate-done-dir.file.permission}} as the permissions
for the user dir
# Create a new config for the user dir permissions, using 770 as the default
The latter makes more sense to me.

  was:
Currently {{JobHistoryEventHandler}} creates the user intermediate-done-dir directory here:
{noformat}      doneDirPrefixPath =
          FileContext.getFileContext(conf).makeQualified(new Path(userDoneDirStr));
      mkdir(doneDirFS, doneDirPrefixPath, new FsPermission(
          JobHistoryUtils.HISTORY_INTERMEDIATE_USER_DIR_PERMISSIONS));{noformat} which is
hardcoded to 770. But the summary, history, and conf files under this user dir are configurable
via {{mapreduce.jobhistory.intermediate-done-dir.file.permission}}. So if the configured permissions
has  read/write/execute permissions for "other" users, they will still not have access to
these files due to the 770 permission on the user dir.

I see two options here:
# Reuse {{mapreduce.jobhistory.intermediate-done-dir.file.permission}} as the permissions
for the user dir
# Create a new config for the user dir permissions, using 770 as the default


> User intermediate-done-dir permissions should use history file permissions configuration
> ----------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-6860
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-6860
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>            Reporter: Jonathan Hung
>
> Currently {{JobHistoryEventHandler}} creates the user intermediate-done-dir directory
here: {noformat}      doneDirPrefixPath =
>           FileContext.getFileContext(conf).makeQualified(new Path(userDoneDirStr));
>       mkdir(doneDirFS, doneDirPrefixPath, new FsPermission(
>           JobHistoryUtils.HISTORY_INTERMEDIATE_USER_DIR_PERMISSIONS));{noformat} which
is hardcoded to 770. But the summary, history, and conf files under this user dir are configurable
via {{mapreduce.jobhistory.intermediate-done-dir.file.permission}}. So if the configured permissions
has  read/write/execute permissions for "other" users, they will still not have access to
these files due to the 770 permission on the user dir.
> I see two options here:
> # Reuse {{mapreduce.jobhistory.intermediate-done-dir.file.permission}} as the permissions
for the user dir
> # Create a new config for the user dir permissions, using 770 as the default
> The latter makes more sense to me.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: mapreduce-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: mapreduce-issues-help@hadoop.apache.org


Mime
View raw message