[
https://issues.apache.org/jira/browse/MAPREDUCE-1307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Devaraj Das updated MAPREDUCE-1307:
-----------------------------------
Attachment: 1307-early-1.patch
Attaching a rough draft of what i am thinking of.
1) Introduced mapreduce.job.permission and mapreduce.job.group config options
using which users can define (octal) permissions for their job and what groups
can perform actions on the job. Only READ & WRITE bits are considered for
enforcing permissions. The execute bit of permissions is ignored,
2) Introduced a new class JobPermission that wraps a FsPermission (a very thin
wrapper). All operations are delegated to the FsPermission object.
All command line operations that try to do some job operation (like kill, etc.)
should be covered by this patch..
Thoughts?
> Introduce the concept of Job Permissions
> ----------------------------------------
>
> Key: MAPREDUCE-1307
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1307
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: security
> Reporter: Devaraj Das
> Fix For: 0.22.0
>
> Attachments: 1307-early-1.patch
>
>
> It would be good to define the notion of job permissions analogous to file
> permissions. Then the JobTracker can restrict who can "read" (e.g. look at
> the job page) or "modify" (e.g. kill) jobs.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
