[ https://issues.apache.org/jira/browse/HADOOP-9999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13785289#comment-13785289 ]
Hadoop QA commented on HADOOP-9999: ----------------------------------- {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12606593/HADOOP-1.2-PERM.patch against trunk revision . {color:red}-1 patch{color}. The patch command could not apply the patch. Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/3161//console This message is automatically generated. > allow access to the DFS job submission + staging directory by members of the > job submitters group > ------------------------------------------------------------------------------------------------- > > Key: HADOOP-9999 > URL: https://issues.apache.org/jira/browse/HADOOP-9999 > Project: Hadoop Common > Issue Type: Bug > Affects Versions: 1.2.1, 2.0.5-alpha > Environment: linux > Reporter: bradley childs > Attachments: HADOOP-1.2-PERM.patch, hadoop-2.0.5-perm.patch > > > The job submission and staging directories are explicitly given 0700 > permissions restricting access of job submission files only to the submitter > UID. this prevents hadoop daemon services running under different UIDs from > reading the job submitters files. it is common unix practice to run daemon > services under their own UIDs for security purposes. > This bug can be demonstrated by creating a single node configuration, which > runs LocalFileSystem and not HDFS. Create two users and add them to a > 'hadoop' group. Start the hadoop services with one of the users, then submit > a map/reduce job with the other user (or run one of the examples). Job > submission ultimately fails and the M/R job doesn't execute. > The fix is simple enough and secure-- change the staging directory > permissions to 2750. i have demonstrated the patch against 2.0.5 (along > with another fix for an incorrect decimal->octal conversion) and will attach > the patch. > this bug is present since very early versions. i would like to fix it at the > lowest level as it's a simple file mode change in all versions, and > localized to one file. is this possible? -- This message was sent by Atlassian JIRA (v6.1#6144)