[
https://issues.apache.org/jira/browse/MAPREDUCE-1288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12789145#action_12789145
]
Hemanth Yamijala commented on MAPREDUCE-1288:
---------------------------------------------
bq. Even if the entire path were accessible to everyone,
If the entire path were accessible to everyone on DFS, there's really no great
security for that file. I was just trying to point out that such a case may not
even be valid in the context of how MAPREDUCE-856 was approached (i.e we wanted
to secure localized files for users). But I am concurring that one could
theoretically construct a case where the URI was accessible to a group of users
on DFS and since there's no way to securely localize that per group on the TT,
this bug is still valid.
> DistributedCache localizes only once per cache URI
> --------------------------------------------------
>
> Key: MAPREDUCE-1288
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1288
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security, tasktracker
> Affects Versions: 0.21.0
> Reporter: Devaraj Das
> Priority: Blocker
> Fix For: 0.21.0
>
>
> As part of the file localization the distributed cache localizer creates a
> copy of the file in the corresponding user's private directory. The
> localization in DistributedCache assumes the key as the URI of the cachefile
> and if it already exists in the map, the localization is not done again. This
> means that another user cannot access the same distributed cache file. We
> should change the key to include the username so that localization is done
> for every user.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
