hadoop-yarn-issues mailing list archives

From "Rohith Sharma K S (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-6811) [ATS1.5] All history logs should be kept under its own User Directory.
Date Wed, 12 Jul 2017 13:41:00 GMT
Rohith Sharma K S created YARN-6811:
---------------------------------------

             Summary: [ATS1.5]  All history logs should be kept under its own User Directory.
                 Key: YARN-6811
                 URL: https://issues.apache.org/jira/browse/YARN-6811
             Project: Hadoop YARN
          Issue Type: Improvement
          Components: timelineclient, timelineserver
            Reporter: Rohith Sharma K S


ATS1.5 allows history data to be stored in underlying FileSystem folder paths, i.e. */active-dir*
and */done-dir*. These base directories are protected against unauthorized access to other
users' data by setting the sticky bit for /active-dir.

But object store filesystems such as WASB do not have user access control on folders and
files. When WASB is used as the underlying file system for ATS1.5, the history data which is
stored in the FS is accessible to all users. *This would be a security risk.*

I would propose to keep history data under its own user directory, i.e. */active-dir/$USER*
and */done-dir/$USER*, unlike remote app-logs. Even though this does not solve basic user access from
the FS, it provides the capability to plug in Apache Ranger policies for each user folder. One
thing to note is that setting policies on each user folder is the admin's responsibility. But grouping
all history data of one user under one folder allows policies to be set so that user access control is
achieved.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org
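
The layout argument in the message above, as an added example that is not part of the original message and is not Hadoop or Apache Ranger code: it compares what a single folder-level grant per user exposes under a flat base directory versus the proposed */active-dir/$USER* layout. The prefix-matching policy model, the user names and the application ids are constructed assumptions.

```python
import posixpath

# Constructed sample data (owner, application directory name); not from the issue.
APPS = [("alice", "application_0001"), ("alice", "application_0003"),
        ("bob", "application_0002")]

def flat_layout(base, user, app):
    """All users' history directly under the base directory."""
    return posixpath.join(base, app)

def per_user_layout(base, user, app):
    """Layout proposed in the issue: <base>/$USER/<app>."""
    return posixpath.join(base, user, app)

def folder_grants(layout, base):
    """One folder-level grant per user: the folder holding that user's app dirs."""
    grants = {}
    for user, app in APPS:
        parent = posixpath.dirname(layout(base, user, app))
        grants[user] = posixpath.commonpath([grants.get(user, parent), parent])
    return grants

def is_allowed(grants, user, path):
    """Prefix check on the normalised path, so '..' cannot escape a grant."""
    norm = posixpath.normpath(path)
    root = grants.get(user)
    return root is not None and (norm == root or norm.startswith(root + "/"))

def foreign_reads(layout, base="/active-dir"):
    """Map each user to other users' app dirs that the user's grant exposes."""
    grants = folder_grants(layout, base)
    return {reader: sorted(app for owner, app in APPS
                           if owner != reader
                           and is_allowed(grants, reader, layout(base, owner, app)))
            for reader in grants}

if __name__ == "__main__":
    print("flat    :", foreign_reads(flat_layout))
    print("per-user:", foreign_reads(per_user_layout))
```

Under the flat layout the only folder a user can be granted is the shared base directory, so every grant exposes the other users' history; under the per-user layout each grant covers only that user's own folder.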

