Uploaded image for project: 'Hadoop Map/Reduce'
  1. Hadoop Map/Reduce
  2. MAPREDUCE-899

When using LinuxTaskController, localized files may become accessible to unintended users if permissions are misconfigured.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.21.0
    • Component/s: tasktracker
    • Labels:
      None
    • Hadoop Flags:
      Incompatible change, Reviewed
    • Release Note:
      Hide
      Added configuration "mapreduce.tasktracker.group", a group name to which TaskTracker belongs. When LinuxTaskController is used, task-controller binary's group owner should be this group. The same should be specified in task-controller.cfg also.
      Show
      Added configuration "mapreduce.tasktracker.group", a group name to which TaskTracker belongs. When LinuxTaskController is used, task-controller binary's group owner should be this group. The same should be specified in task-controller.cfg also.

      Description

      To enforce the accessibility of job files to only the job-owner and the TaskTracker, as per MAPREDUCE-842, it is trusted that the setuid/setgid linux TaskController binary is group owned by a special group to which only TaskTracker belongs and not just any group to which TT belongs. If the trust is broken, possibly due to misconfiguration by admins, the local files become accessible to unintended users, yet giving false sense of security to the admins.

        Attachments

        1. MAPREDUCE-899-20090828.txt
          9 kB
          Vinod Kumar Vavilapalli
        2. mr-899-20.patch
          25 kB
          Hemanth Yamijala
        3. patch-899.txt
          10 kB
          Amareshwari Sriramadasu
        4. patch-899-1.txt
          21 kB
          Amareshwari Sriramadasu
        5. patch-899-2.txt
          25 kB
          Amareshwari Sriramadasu
        6. patch-899-3.txt
          28 kB
          Amareshwari Sriramadasu
        7. patch-899-4.txt
          27 kB
          Amareshwari Sriramadasu
        8. patch-899-5.txt
          26 kB
          Amareshwari Sriramadasu
        9. patch-899-6.txt
          25 kB
          Amareshwari Sriramadasu
        10. patch-899-7.txt
          25 kB
          Hemanth Yamijala
        11. testplan.txt
          1 kB
          Amareshwari Sriramadasu

          Issue Links

            Activity

              People

              • Assignee:
                amareshwari Amareshwari Sriramadasu
                Reporter:
                vinodkv Vinod Kumar Vavilapalli
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: