  1. Hadoop YARN
  2. YARN-6811

[ATS1.5] All history logs should be kept under its own User Directory.

    Details

    • Hadoop Flags:
      Reviewed

      Description

      ATS1.5 allows storing history data in underlying FileSystem folder paths, i.e. /active-dir and /done-dir. These base directories are protected against unauthorized user access to other users' data by setting the sticky bit for /active-dir.

      But object store filesystems such as WASB do not have user access control on folders and files. When WASB is used as the underlying file system for ATS1.5, the history data stored in the FS is accessible to all users. This would be a security risk.

      I would propose to keep history data under its own user directory, i.e. /active-dir/$USER. Even though this does not solve basic user access from the FS, it provides the capability to plug in Apache Ranger policies for each user folder. One thing to note is that setting policies for each user folder is the admin's responsibility. But grouping all history data of one user in one folder allows policies to be set so that user access control is achieved.
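
An added example, not part of the issue or its patches: the Python code below audits a listing of history-log paths and reports those that a per-user folder policy on /active-dir/$USER would not cover, including the prefix look-alike case (`alice` vs `alice2`). The file layout below `$USER`, the sample entries and the function names are assumptions made for illustration.

```python
import posixpath

ACTIVE_DIR = "/active-dir"  # base directory named in the issue


def user_dir(user, base=ACTIVE_DIR):
    """Return base/<user>, rejecting names that would escape or alias the base."""
    if not user or user in (".", "..") or "/" in user or "\x00" in user:
        raise ValueError(f"unsafe user name: {user!r}")
    return posixpath.join(base, user)


def is_under(path, directory):
    """True if the normalized path lies inside directory, compared per component."""
    path = posixpath.normpath(path)
    directory = posixpath.normpath(directory)
    # The trailing "/" keeps /active-dir/alice from matching /active-dir/alice2.
    return path.startswith(directory + "/")


def audit(entries, base=ACTIVE_DIR):
    """entries: iterable of (path, owner) pairs.
    Return the paths that a folder policy on base/<owner> would NOT cover."""
    uncovered = []
    for path, owner in entries:
        try:
            covered = is_under(path, user_dir(owner, base))
        except ValueError:
            covered = False  # an owner name we cannot map to a folder is a finding
        if not covered:
            uncovered.append(path)
    return uncovered


# Constructed sample listing; the layout below $USER is hypothetical.
SAMPLE = [
    ("/active-dir/alice/application_1_0001/summarylog", "alice"),
    ("/active-dir/application_1_0002/summarylog", "bob"),              # flat layout
    ("/active-dir/alice2/application_1_0003/summarylog", "alice"),     # look-alike
    ("/active-dir/bob/../alice/application_1_0004/entitylog", "bob"),  # normalizes away
]

if __name__ == "__main__":
    for p in audit(SAMPLE):
        print("not covered by owner's folder policy:", p)
```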

        Attachments

        1. YARN-6811.01.patch
          14 kB
          Rohith Sharma K S
        2. YARN-6811.02.patch
          22 kB
          Rohith Sharma K S
        3. YARN-6811-branch-2.01.patch
          22 kB
          Rohith Sharma K S

            People

            • Assignee:
              rohithsharma Rohith Sharma K S
              Reporter:
              rohithsharma Rohith Sharma K S