hadoop-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Marc Spaggiari <jean-m...@spaggiari.org>
Subject Re: JobTracker security
Date Wed, 27 Feb 2013 00:57:11 GMT
I mean the executable files. Or even the entire hadoop directory?
People might still be able to install a local copy of hadoop and
configure it to point to the same trackers, and then do the kill, but
at least that will complicate the things a bit?

If user1 and user2 are on different groups also, that might allow you
to block some user2 actions against user1 processes? Also, you should
take look to the "Security" chapter in "Hadoop: The Definitive Guide"
and to the hadoop-policy.xml file (I never looked at this file, so
maybe it's not at all related).

2013/2/26 Serge Blazhievsky <hadoop.ca@gmail.com>:
> hi Jean,
>
> Do you mean input files for hadoop ? or hadoop directory?
>
> Serge
>
>
> On Tue, Feb 26, 2013 at 4:38 PM, Jean-Marc Spaggiari
> <jean-marc@spaggiari.org> wrote:
>>
>> Maybe restrict access to the hadoop file(s) to the user1?
>>
>> 2013/2/26 Serge Blazhievsky <hadoop.ca@gmail.com>:
>> > I am trying to not to use kerberos...
>> >
>> > Is there other option?
>> >
>> > Thanks
>> > Serge
>> >
>> >
>> > On Tue, Feb 26, 2013 at 3:31 PM, Patai Sangbutsarakum
>> > <Patai.Sangbutsarakum@turn.com> wrote:
>> >>
>> >> Kerberos
>> >>
>> >> From: Serge Blazhievsky <hadoop.ca@gmail.com>
>> >> Reply-To: <user@hadoop.apache.org>
>> >> Date: Tue, 26 Feb 2013 15:29:08 -0800
>> >> To: <user@hadoop.apache.org>
>> >> Subject: JobTracker security
>> >>
>> >> Hi all,
>> >>
>> >> Is there a way to restrict job monitoring and management only to jobs
>> >> started by each individual user?
>> >>
>> >>
>> >> The basic scenario is:
>> >>
>> >> 1. Start a job under user1
>> >> 2. Login as user2
>> >> 3. hadoop job -list to retrieve job id
>> >> 4. hadoop job -kill job_id
>> >> 5. Job gets terminated....
>> >>
>> >> Is there something that needs to be enabled to prevent that from
>> >> happening?
>> >>
>> >> Thanks
>> >> Serge
>> >
>> >
>
>

Mime
View raw message