Return-Path: X-Original-To: apmail-pig-commits-archive@www.apache.org Delivered-To: apmail-pig-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9814D1117E for ; Sun, 8 Jun 2014 00:45:17 +0000 (UTC) Received: (qmail 75739 invoked by uid 500); 8 Jun 2014 00:45:17 -0000 Delivered-To: apmail-pig-commits-archive@pig.apache.org Received: (qmail 75699 invoked by uid 500); 8 Jun 2014 00:45:17 -0000 Mailing-List: contact commits-help@pig.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@pig.apache.org Delivered-To: mailing list commits@pig.apache.org Received: (qmail 75692 invoked by uid 99); 8 Jun 2014 00:45:17 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Jun 2014 00:45:17 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Jun 2014 00:45:17 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 01EFF2388906; Sun, 8 Jun 2014 00:44:53 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1601187 - in /pig/branches/branch-0.13: CHANGES.txt src/docs/src/documentation/content/xdocs/admin.xml Date: Sun, 08 Jun 2014 00:44:52 -0000 To: commits@pig.apache.org From: cheolsoo@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140608004453.01EFF2388906@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: cheolsoo Date: Sun Jun 8 00:44:52 2014 New Revision: 1601187 URL: http://svn.apache.org/r1601187 Log: PIG-3990: ant docs is broken in trunk/branch-0.13 (cheolsoo) Modified: pig/branches/branch-0.13/CHANGES.txt pig/branches/branch-0.13/src/docs/src/documentation/content/xdocs/admin.xml Modified: pig/branches/branch-0.13/CHANGES.txt URL: http://svn.apache.org/viewvc/pig/branches/branch-0.13/CHANGES.txt?rev=1601187&r1=1601186&r2=1601187&view=diff ============================================================================== --- pig/branches/branch-0.13/CHANGES.txt (original) +++ pig/branches/branch-0.13/CHANGES.txt Sun Jun 8 00:44:52 2014 @@ -147,6 +147,8 @@ PIG-3882: Multiquery off mode execution BUG FIXES +PIG-3990: ant docs is broken in trunk/branch-0.13 (cheolsoo) + PIG-3989: PIG_OPTS does not work with some version of HADOOP (daijy) PIG-3739: The Warning_4 e2e test is broken in trunk (aniket486) Modified: pig/branches/branch-0.13/src/docs/src/documentation/content/xdocs/admin.xml URL: http://svn.apache.org/viewvc/pig/branches/branch-0.13/src/docs/src/documentation/content/xdocs/admin.xml?rev=1601187&r1=1601186&r2=1601187&view=diff ============================================================================== --- pig/branches/branch-0.13/src/docs/src/documentation/content/xdocs/admin.xml (original) +++ pig/branches/branch-0.13/src/docs/src/documentation/content/xdocs/admin.xml Sun Jun 8 00:44:52 2014 @@ -34,21 +34,26 @@
- Disabling Pig commands and operators -

This is an admin feature providing ability to blacklist or/and whitelist certain commands and operations. Pig exposes a few of these that could be not very safe in a multitenant environment. For example, "sh" invokes shell commands, "set" allows users to change non-final configs. While these are tremendously useful in general, having an ability to disable would make Pig a safer platform. The goal is to allow administrators to be able to have more control over user scripts. Default behaviour would still be the same - no filters applied on commands and operators.

-

There are two properties you can use to control what users are able to do

+ Disabling Pig commands and operators +

This is an admin feature providing ability to blacklist or/and whitelist certain commands and operations. Pig exposes a few of these that could be not very safe in a multitenant environment. For example, "sh" invokes shell commands, "set" allows users to change non-final configs. While these are tremendously useful in general, having an ability to disable would make Pig a safer platform. The goal is to allow administrators to be able to have more control over user scripts. Default behaviour would still be the same - no filters applied on commands and operators.

+

There are two properties you can use to control what users are able to do

  • pig.blacklist
  • pig.whitelist
-

Blacklisting

-

Set "pig.blacklist" to a comma-delimited set of operators and commands. For eg, pig.blacklist=rm,kill,cross would disable users from executing any of "rm", "kill" commands and "cross" operator.

- -

Whitelisting

-

This is an even safer approach to disallowing functionality in Pig. Using this you will be able to disable all commands and operators that are not a part of the whitelist. For eg, pig.whitelist=load,filter,store will disallow every command and operator other than "load", "filter" and "store".

-

Note

+
+ Blacklisting +

Set "pig.blacklist" to a comma-delimited set of operators and commands. For eg, pig.blacklist=rm,kill,cross would disable users from executing any of "rm", "kill" commands and "cross" operator.

+
+
+ Whitelisting +

This is an even safer approach to disallowing functionality in Pig. Using this you will be able to disable all commands and operators that are not a part of the whitelist. For eg, pig.whitelist=load,filter,store will disallow every command and operator other than "load", "filter" and "store".

+
+
+ Note

There should not be any conflicts between blacklist and whitelist. Make sure to have them entirely distinct or Pig will complain.

+
- +