You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@oozie.apache.org by Jay Vyas <ja...@gmail.com> on 2014/02/15 03:04:51 UTC
ownership of job.properties/appTokens and other oozie resulting files
in MR jobs.
Hi oozie:
I'm trying to find the best practices for the permissions models for oozie
submitted jobs is , in "typical" scenarios. This is particularly important
to me because im running jobs in a Linux container.
1) How do people "normally" submit oozie jobs ? As themselves? As
user=oozie?
2) What about in a linux container environment : Then how would someone
typically submit an oozie job?
Thanks!
--
Jay Vyas
http://jayunit100.blogspot.com
Re: ownership of job.properties/appTokens and other oozie resulting
files in MR jobs.
Posted by Harsh J <ha...@cloudera.com>.
Hi,
Users of Oozie submit jobs as themselves typically. I've not observed
any of the customers I work with grant super-user access (i.e. 'oozie'
access) to users.
Oozie's impersonation allowance allows it to run the jobs as the right
user. Coupled with an LTC or LCE, this ends up making the launcher map
tasks run as the right user as well.
P.s. The job.properties is a local file that's used to supply some
parameters during the REST call made by clients to the Oozie server.
They do not get propagated as files to HDFS/Jobs/etc..
On Sat, Feb 15, 2014 at 7:34 AM, Jay Vyas <ja...@gmail.com> wrote:
> Hi oozie:
>
> I'm trying to find the best practices for the permissions models for oozie
> submitted jobs is , in "typical" scenarios. This is particularly important
> to me because im running jobs in a Linux container.
>
> 1) How do people "normally" submit oozie jobs ? As themselves? As
> user=oozie?
>
> 2) What about in a linux container environment : Then how would someone
> typically submit an oozie job?
>
> Thanks!
>
> --
> Jay Vyas
> http://jayunit100.blogspot.com
--
Harsh J