Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-6890

If UI is not secured, we allow user to kill other users' job even yarn cluster is secured.

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • None
    • 3.0.0-beta1, 2.8.2
    • None
    • None

    Description

      Configuring SPNEGO for web browser could be a head ache, so many production cluster choose to configure a unsecured UI access even for a secured cluster. In this setup, users (login as some random guy) could watch other users job which is expected. However, the kill button (added in YARN-3249 which enabled by default) shouldn't work in this situation.

      Attachments

        1. YARN-6890.patch
          3 kB
          Junping Du
        2. YARN-6890-v2.patch
          3 kB
          Junping Du
        3. YARN-6890-v3.patch
          3 kB
          Junping Du

        Issue Links

        is duplicated by

        Bug - A problem which impairs or prevents the functions of the product. YARN-6891 Can kill other user's applications via RM UI

        • Critical - Crashes, loss of data, severe memory leak.
        • Resolved
        is related to

        Bug - A problem which impairs or prevents the functions of the product. YARN-9522 AppBlock ignores full qualified class name of PseudoAuthenticationHandler

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Resolved
        relates to

        Improvement - An improvement or enhancement to an existing feature or task. YARN-3249 Add a "kill application" button to Resource Manager's Web UI

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            junping_du Junping Du Assign to me
            ssathish@hortonworks.com Sumana Sathish
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment