hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jian He (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5554) MoveApplicationAcrossQueues does not check user permission on the target queue
Date Thu, 01 Sep 2016 05:40:20 GMT

    [ https://issues.apache.org/jira/browse/YARN-5554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15454389#comment-15454389
] 

Jian He commented on YARN-5554:
-------------------------------

For the permission part: should we check  (submit_acl_on_target_queue || target_queue_adminAcl)
&& application_acl
The first half means permission on the target queue;  The second half means permission on
application itself.
I think the first half is also what being used currently in SubmitApplication

> MoveApplicationAcrossQueues does not check user permission on the target queue
> ------------------------------------------------------------------------------
>
>                 Key: YARN-5554
>                 URL: https://issues.apache.org/jira/browse/YARN-5554
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 2.7.2
>            Reporter: Haibo Chen
>            Assignee: Wilfred Spiegelenburg
>         Attachments: YARN-5554.2.patch, YARN-5554.3.patch
>
>
> moveApplicationAcrossQueues operation currently does not check user permission on the
target queue. This incorrectly allows one user to move his/her own applications to a queue
that the user has no access to



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message