You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-issues@hadoop.apache.org by "Jonathan Eagles (Commented) (JIRA)" <ji...@apache.org> on 2011/10/22 01:10:32 UTC
[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created
with access Control lists
[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13133177#comment-13133177 ]
Jonathan Eagles commented on MAPREDUCE-3175:
--------------------------------------------
Uploaded a starter patch to get some initial feed back on the design. This patch certainly limits access to admin only on authorization enabled cluster to /stack /metrics /logs /logLevel /conf and /jmx
* Verify overall design is correct
* Looking for a solution to not have to modify HttpServer
* What to do with JobACL in job history. Merge with ApplicationACLsManager?
* ApplicationACLsManager seems to ignore CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
> Key: MAPREDUCE-3175
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Affects Versions: 0.23.0
> Reporter: Thomas Graves
> Assignee: Jonathan Eagles
> Priority: Blocker
> Attachments: MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with access Control lists. I believe this means that anyone can access any of the standard servlets that check to see if the user has administrator access - like /jmx, /stacks, etc and ops has no way to restrict access to these things.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira