[
https://issues.apache.org/jira/browse/MAPREDUCE-3470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Luke Lu resolved MAPREDUCE-3470.
--------------------------------
Resolution: Duplicate
Fix Version/s: 1.2.0
> Jobtracker sets permissions on mapred.system.dir to 700 preventing
> non-superusers from submitting jobs to multi-user cluster
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-3470
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3470
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: jobtracker
> Affects Versions: 0.20.205.0, 1.0.0
> Environment: Debian 6.0 x64_64
> java version "1.6.0_26"
> Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
> Java HotSpot(TM) 64-Bit Server VM (build 20.1-b02, mixed mode)
> Reporter: stephen mulcahy
> Fix For: 1.2.0
>
>
> (See thread discussing here -
> https://mail-archives.apache.org/mod_mbox/hadoop-common-user/201111.mbox/%[email protected]%3E)
> I have installed a hadoop 0.20.205.0 cluster for use by multiple users, each
> of which will submit their jobs from remote client systems. I have disabled
> security
> <property>
> <name>hadoop.security.authorization</name>
> <value>false</value>
> </property>
> <property>
> <name>hadoop.security.authentication</name>
> <value>simple</value>
> </property>
> When a user other than super-user attempts to submit a job, they get the
> following error
> 11/11/09 16:32:53 INFO mapred.FileInputFormat: Total input paths to process :
> 2
> 11/11/09 16:32:53 INFO mapred.JobClient: Running job: job_201111091731_0003
> 11/11/09 16:32:54 INFO mapred.JobClient: map 0% reduce 0%
> 11/11/09 16:32:54 INFO mapred.JobClient: Job complete: job_201111091731_0003
> 11/11/09 16:32:54 INFO mapred.JobClient: Counters: 0
> 11/11/09 16:32:54 INFO mapred.JobClient: Job Failed: Job initialization
> failed:
> org.apache.hadoop.security.AccessControlException:
> org.apache.hadoop.security.AccessControlException: Permission denied:
> user=smulcahy, access=EXECUTE, inode="system":hadoop:supergroup:rwx------
> .....
> which seems to be due to not being able to create a jobToken file in
> <mapred.system.dir>/<job id>/jobToken
> I can reset the permissions on mapred.system.dir to something like 777 but
> when I restart the jobtracker, it resets the permissions back to 700,
> requiring another permissions reset.
> This gives rise to a few questions,
> 1. Should I be able to use a hadoop cluster in this fashion or is this not
> supported (if not, supported, I guess close this bug as invalid). If it is
> not supported, it reduces the usability of hadoop for a class of users like
> myself (but maybe thats a small class).
> 2. If I should be able to use the cluster like this, should
> <mapred.system.dir>/<job id>/jobToken need to be created if security is
> disabled? If no, then I guess is the bug that needs to be fixed. If yes, then
> the jobtracker needs to be modified to allow everyone to create dirs in
> mapred.system.dir (or the method of creation of the jobToken file needs to be
> changed).
> Apologies if this was operator error but I didn't get much feedback on the
> mailing lists so not sure where/how else to raise this.
> Changed introduced in MAPREDUCE-2219
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
