[ https://issues.apache.org/jira/browse/HADOOP-9999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13779050#comment-13779050 ]

Hadoop QA commented on HADOOP-9999:
-----------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment
  http://issues.apache.org/jira/secure/attachment/12605289/hadoop-2.0.5-perm.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 javadoc{color}.  The javadoc tool did not generate any warning messages.

    {color:green}+1 eclipse:eclipse{color}.  The patch built with eclipse:eclipse.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new Findbugs (version 1.3.9) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core.

    {color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/3129//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3129//console

This message is automatically generated.
                
> allow access to the DFS job submission + staging directory by members of the job submitters group
> -------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9999
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9999
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.0.5-alpha
>         Environment: linux
>            Reporter: bradley childs
>         Attachments: hadoop-2.0.5-perm.patch
>
>
> The job submission and staging directories are explicitly given 0700
> permissions, restricting access of job submission files only to the submitter
> UID. This prevents hadoop daemon services running under different UIDs from
> reading the job submitter's files.  It is common unix practice to run daemon
> services under their own UIDs for security purposes.
> This bug can be demonstrated by creating a single node configuration, which
> runs LocalFileSystem and not HDFS.  Create two users and add them to a
> 'hadoop' group.  Start the hadoop services with one of the users, then submit
> a map/reduce job with the other user (or run one of the examples).  Job
> submission ultimately fails and the M/R job doesn't execute.
> The fix is simple enough and secure -- change the staging directory
> permissions to 2750.  I have demonstrated the patch against 2.0.5 (along
> with another fix for an incorrect decimal->octal conversion) and will attach
> the patch.
> This bug has been present since very early versions.  I would like to fix it at the
> lowest level as it's a simple file mode change in all versions, and
> localized to one file.  Is this possible?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
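
The permission change described in the issue above, worked through as an added example (not part of the original message or the attached patch): it applies the POSIX owner/group/other selection rule to modes 0700 and 2750 for a submitter, a daemon user in the same 'hadoop' group, and an unrelated user. The UIDs, GIDs and function names are constructed for illustration, ACLs and root are ignored, and the last line shows the general decimal-versus-octal pitfall rather than the specific conversion error the patch fixes.

```python
import stat

# Constructed sample identities (assumptions, not values from the issue).
SUBMITTER_UID, DAEMON_UID, OUTSIDER_UID = 1001, 1002, 1003
HADOOP_GID, OTHER_GID = 500, 600


def can_access(mode, owner_uid, group_gid, uid, gids, want="rx"):
    """POSIX class selection for a non-root caller: exactly one permission
    triplet applies (owner, else group, else other)."""
    if uid == owner_uid:
        shift = 6
    elif group_gid in gids:
        shift = 3
    else:
        shift = 0
    granted = (mode >> shift) & 0o7
    needed = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return granted & needed == needed


def describe(mode):
    """Render a directory mode the way `ls -ld` would."""
    return stat.filemode(stat.S_IFDIR | mode)


def staging_access(mode):
    """Who can list and traverse a staging directory owned by the submitter
    with group 'hadoop' (read + execute on the directory)."""
    callers = {
        "submitter": (SUBMITTER_UID, {HADOOP_GID}),
        "daemon": (DAEMON_UID, {HADOOP_GID}),
        "outsider": (OUTSIDER_UID, {OTHER_GID}),
    }
    return {name: can_access(mode, SUBMITTER_UID, HADOOP_GID, uid, gids)
            for name, (uid, gids) in callers.items()}


if __name__ == "__main__":
    for mode in (0o700, 0o2750):
        print(describe(mode), staging_access(mode))
    # General decimal-vs-octal pitfall: decimal 700 is not octal 0700.
    print(oct(700), describe(700))
```

The group triplet only helps the daemon if the directory's group is the shared one; on Linux the setgid bit in 2750 makes entries created inside the directory inherit that group.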
