hadoop-yarn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tristan Stevens (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-8026) FairScheduler queue ACLs not implemented for application actions
Date Mon, 12 Mar 2018 19:33:00 GMT
Tristan Stevens created YARN-8026:

             Summary: FairScheduler queue ACLs not implemented for application actions
                 Key: YARN-8026
                 URL: https://issues.apache.org/jira/browse/YARN-8026
             Project: Hadoop YARN
          Issue Type: Bug
          Components: fairscheduler
            Reporter: Tristan Stevens

The mapred-site.xml options mapreduce.job.acl-modify-job and mapreduce.job.acl-view-job both
specify that queue ACLs should apply for read and modify operations on a job, however according
to org.apache.hadoop.yarn.server.security.ApplicationACLsManager.java this feature has not
been implemented.

This is very important otherwise it is difficult to manage a cluster with a complicated queue
hierarchy without either putting everyone in the admin ACL, getting many support tickets or
asking people to remember to set mapreduce.job.acl-modify-job and mapreduce.job.acl-view-job.

Extract from mapred-default.xml:
bq.  Irrespective of this ACL configuration, (a) job-owner, (b) the user who started the cluster,
(c) members of an admin configured supergroup configured via mapreduce.cluster.permissions.supergroup
and *(d) queue administrators of the queue to which this job was submitted* to configured
via acl-administer-jobs for the specific queue in mapred-queues.xml can do all the view operations
on a job. 

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org

View raw message