You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mapreduce-issues@hadoop.apache.org by "Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org> on 2013/05/06 20:10:16 UTC

[jira] [Commented] (MAPREDUCE-5210) Job submission has strict permission validation

    [ https://issues.apache.org/jira/browse/MAPREDUCE-5210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13649933#comment-13649933 ] 

Vinod Kumar Vavilapalli commented on MAPREDUCE-5210:
----------------------------------------------------

bq. For file systems such as S3, which do not have permission concept
Interesting. Seems like there is some kind of password based protection i.e. only auth and no authz for S3, but S3FileSystem isn't supporting any of that. We can definitely abstract this check out, and as much as I hate it, put in specific checks for S3FileSystem. Ideally, FileSystem should have an API to check ownership.
                
> Job submission has strict permission validation
> -----------------------------------------------
>
>                 Key: MAPREDUCE-5210
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-5210
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>            Reporter: Amareshwari Sriramadasu
>            Assignee: samar
>
> The following code in JobSubmissionFiles.java mandates strict permission on job submission :
> {noformat}
>     if (fs.exists(stagingArea)) {
>       FileStatus fsStatus = fs.getFileStatus(stagingArea);
>       String owner = fsStatus.getOwner();
>       if (!(owner.equals(currentUser) || owner.equals(realUser))) {
>          throw new IOException("The ownership on the staging directory " +
>                       stagingArea + " is not as expected. " + 
>                       "It is owned by " + owner + ". The directory must " +
>                       "be owned by the submitter " + currentUser + " or " +
>                       "by " + realUser);
>       }
> {noformat}
> For file systems such as S3, which do not have permission concept, user can never submit a job with staging area in S3. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira