Uploaded image for project: 'Hadoop Map/Reduce'
  1. Hadoop Map/Reduce
  2. MAPREDUCE-3417

job access controls not working app master and job history UI's



    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 0.23.0
    • 0.23.1
    • mrv2
    • None
    • Reviewed
    • Fixed job-access-controls to work with MR AM and JobHistoryServer web-apps.


      tested with security on, no filters defined for httpserver, job acls set so that only I could view/modify the job. Then went to the web ui to app master and job history server and both allowed me to view the job details. The webui shows the user "webuser". The RM properly rejected my request although it was using user "Dr.Who".

      The exception shown in the log is:
      11/11/16 18:58:53 INFO mapred.JobACLsManager: job checkAccess user is: webuser
      11/11/16 18:58:53 WARN security.ShellBasedUnixGroupsMapping: got exception trying to get groups for user webuser
      org.apache.hadoop.util.Shell$ExitCodeException: id: webuser: No such user

      at org.apache.hadoop.util.Shell.runCommand(Shell.java:261)
      at org.apache.hadoop.util.Shell.run(Shell.java:188)
      at org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:381)
      at org.apache.hadoop.util.Shell.execCommand(Shell.java:467)
      at org.apache.hadoop.util.Shell.execCommand(Shell.java:450)
      at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:86)
      at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:55)
      at org.apache.hadoop.security.Groups.getGroups(Groups.java:88)
      at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1043)
      at org.apache.hadoop.security.authorize.AccessControlList.isUserAllowed(AccessControlList.java:221)
      at org.apache.hadoop.mapred.JobACLsManager.checkAccess(JobACLsManager.java:103)
      at org.apache.hadoop.mapreduce.v2.hs.CompletedJob.checkAccess(CompletedJob.java:325)
      at org.apache.hadoop.mapreduce.v2.app.webapp.AppController.checkAccess(AppController.java:292)
      at org.apache.hadoop.mapreduce.v2.app.webapp.AppController.requireJob(AppController.java:313)
      at org.apache.hadoop.mapreduce.v2.app.webapp.AppController.job(AppController.java:97)


        1. MAPREDUCE-3417.patch
          15 kB
          Jonathan Turner Eagles
        2. MAPREDUCE-3417.patch
          17 kB
          Jonathan Turner Eagles
        3. MAPREDUCE-3417.patch
          19 kB
          Jonathan Turner Eagles
        4. MAPREDUCE-3417.patch
          19 kB
          Jonathan Turner Eagles
        5. MAPREDUCE-3417.patch
          19 kB
          Jonathan Turner Eagles
        6. MAPREDUCE-3417.patch
          14 kB
          Jonathan Turner Eagles
        7. MAPREDUCE-3417.patch
          12 kB
          Jonathan Turner Eagles
        8. MAPREDUCE-3417.patch
          12 kB
          Jonathan Turner Eagles



            jeagles Jonathan Turner Eagles
            tgraves Thomas Graves
            0 Vote for this issue
            2 Start watching this issue