[
https://issues.apache.org/jira/browse/MAPREDUCE-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12834056#action_12834056
]
Devaraj Das commented on MAPREDUCE-1455:
----------------------------------------
bq. 3) As tasktracker doesn't have the job ACLs, when any one tries to access
task logs of a job, I propose we store the job ACLs in a file say job-acls.xml)
when task log files are created by taskTracker. And tasktracker will read this
job-acls.xml when somebody tries to access task logs using web UI and does the
authorization. I guess job-acls.xml can contain only the 2 config properties
mapreduce.job.user.name and mapreduce.job.acl-view-job.
Does it make sense to have the info in the log.info file that is already there
in the task logs directory?
> Authorization for servlets
> --------------------------
>
> Key: MAPREDUCE-1455
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1455
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: jobtracker, security, tasktracker
> Reporter: Devaraj Das
> Assignee: Ravi Gummadi
> Fix For: 0.22.0
>
>
> This jira is about building the authorization for servlets (on top of
> MAPREDUCE-1307). That is, the JobTracker/TaskTracker runs authorization
> checks on web requests based on the configured job permissions. For e.g., if
> the job permission is 600, then no one except the authenticated user can look
> at the job details via the browser. The authenticated user in the servlet can
> be obtained using the HttpServletRequest method.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
