Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.21.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Incompatible change, Reviewed
    • Release Note:
      Hide
      Added job-level authorization to MapReduce. JobTracker will now use the cluster configuration "mapreduce.cluster.job-authorization-enabled" to enable the checks to verify the authority of access of jobs where ever needed. Introduced two job-configuration properties to specify ACLs: "mapreduce.job.acl-view-job" and "mapreduce.job.acl-modify-job". For now, RPCs related to job-level counters, task-level counters and tasks' diagnostic information are protected by "mapreduce.job.acl-view-job" ACL. "mapreduce.job.acl-modify-job" protects killing of a job, killing a task of a job, failing a task of a job and setting the priority of a job. Irrespective of the above two ACLs, job-owner, superuser and members of supergroup configured on JobTracker via mapred.permissions.supergroup, can do all the view and modification operations.
      Show
      Added job-level authorization to MapReduce. JobTracker will now use the cluster configuration "mapreduce.cluster.job-authorization-enabled" to enable the checks to verify the authority of access of jobs where ever needed. Introduced two job-configuration properties to specify ACLs: "mapreduce.job.acl-view-job" and "mapreduce.job.acl-modify-job". For now, RPCs related to job-level counters, task-level counters and tasks' diagnostic information are protected by "mapreduce.job.acl-view-job" ACL. "mapreduce.job.acl-modify-job" protects killing of a job, killing a task of a job, failing a task of a job and setting the priority of a job. Irrespective of the above two ACLs, job-owner, superuser and members of supergroup configured on JobTracker via mapred.permissions.supergroup, can do all the view and modification operations.

      Description

      It would be good to define the notion of job permissions analogous to file permissions. Then the JobTracker can restrict who can "read" (e.g. look at the job page) or "modify" (e.g. kill) jobs.

      1. MAPREDUCE-1307-20100227-ydist.txt
        57 kB
        Vinod Kumar Vavilapalli
      2. MAPREDUCE-1307-20100226.1-ydist.txt
        57 kB
        Vinod Kumar Vavilapalli
      3. MAPREDUCE-1307-20100217.txt
        60 kB
        Vinod Kumar Vavilapalli
      4. MAPREDUCE-1307-20100215.txt
        39 kB
        Vinod Kumar Vavilapalli
      5. MAPREDUCE-1307-20100211.txt
        36 kB
        Vinod Kumar Vavilapalli
      6. MAPREDUCE-1307-20100210.txt
        35 kB
        Vinod Kumar Vavilapalli
      7. 1307-early-1.patch
        13 kB
        Devaraj Das

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Vinod Kumar Vavilapalli
              Reporter:
              Devaraj Das
            • Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development