Return-Path: X-Original-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 579D211F0C for ; Thu, 21 Aug 2014 12:12:12 +0000 (UTC) Received: (qmail 95282 invoked by uid 500); 21 Aug 2014 12:12:11 -0000 Delivered-To: apmail-hadoop-yarn-issues-archive@hadoop.apache.org Received: (qmail 95227 invoked by uid 500); 21 Aug 2014 12:12:11 -0000 Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: yarn-issues@hadoop.apache.org Delivered-To: mailing list yarn-issues@hadoop.apache.org Received: (qmail 94988 invoked by uid 99); 21 Aug 2014 12:12:11 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Aug 2014 12:12:11 +0000 Date: Thu, 21 Aug 2014 12:12:11 +0000 (UTC) From: "Amir Mal (JIRA)" To: yarn-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Created] (YARN-2435) Capacity scheduler should only allow Kill Application Requests from ADMINISTER_QUEUE users MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 Amir Mal created YARN-2435: ------------------------------ Summary: Capacity scheduler should only allow Kill Application Requests from ADMINISTER_QUEUE users Key: YARN-2435 URL: https://issues.apache.org/jira/browse/YARN-2435 Project: Hadoop YARN Issue Type: Bug Components: capacityscheduler Affects Versions: 2.4.1, 2.5.0 Environment: [root@htc2n1 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.4 (Santiago) [root@htc2n1 ~]# uname -a Linux htc2n3.....com 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux [root@htc2n1 ~]# $JAVA_HOME/bin/java -version java version "1.7.0_55" OpenJDK Runtime Environment (rhel-2.4.7.1.el6_5-x86_64 u55-b13) OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode) Reporter: Amir Mal a user without ADMINISTER_QUEUE privilege can kill application from all queues. to replicate the bug: 1) install cluster with {{yarn.resourcemanager.scheduler.class}} set to org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.*CapacityScheduler* 2) created 2 users (user1, user2) each belong to a separate group (group1, group2) 3) set {{acl_submit_applications}} and {{acl_administer_queue}} of the {{root}} and {{root.default}} queues to group1 4) submit job to {{default}} queue by user1 {quote} [user1@htc2n3 ~]$ mapred queue -showacls ... Queue acls for user : user1 Queue Operations ===================== root ADMINISTER_QUEUE,SUBMIT_APPLICATIONS default ADMINISTER_QUEUE,SUBMIT_APPLICATIONS [user1@htc2n3 ~]$ yarn jar /opt/apache/hadoop-2.5.0/share/hadoop/mapreduce/hadoop-mapreduce-examples-2.4.1.jar pi -Dmapreduce.job.queuename=default 4 1000000000 {quote} 5) kill the application by user2 {quote} [user2@htc2n4 ~]$ mapred queue -showacls ... Queue acls for user : user2 Queue Operations ===================== root default [user2@htc2n4 ~]$ yarn application -kill application_1408540602935_0004 ... Killing application application_1408540602935_0004 14/08/21 14:37:54 INFO impl.YarnClientImpl: Killed application application_1408540602935_0004 {quote} -- This message was sent by Atlassian JIRA (v6.2#6252)