[ https://issues.apache.org/jira/browse/MAPREDUCE-1664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12907107#action_12907107 ]
Vinod K V commented on MAPREDUCE-1664: -------------------------------------- Minor comments: - mapred-default.xml: "For enabling this flag, this is to be set to true on JobTracker's configuration file and in all TaskTracker's configuration files." can better be "For enabling this flag, this is to be set to true on the configuration files of JobTracker and all the TaskTrackers" - QueueConfigurationParser: aclsEnabled isn't really deprecated as we ignore it completely. May be we should simply say that in the message. - QueueInfo.toFullPropertyName(): QueueInfo is public API. Let's not put this method in there. You can let it be in QueueManager by making QueueManager public but with private visibility classification. Java public scope identifier doesn't really promise the public nature of a class/api anymore at all. You should definitely also put java comments as to where all this method can be used. - ClusterMapReduceTestCase.startCluster() with the added parameter argument seems like a very weird API to have, it isn't even generic enough to accept other information. We can just have this in TestWebUIAuthorization. - QueueManagerTestUtils.createQueuesConfigFile() doesn't need to return a configuration. Adding the mapred-queues.xml as a resource to a configuration object is also useless. - TestJobHistory.testJobHistory(). Do we need a call to createQueuesConfigFile here? It is configuring default queue again, yet the file isn't being put in the classpath. Same in TestRecoveryManager. - TestQueueAclsForCurrentUser.setupConfForNoAccess() : The admin acls configured are different now. Earlier they were u1 for qu1 and " g2" for qu2. > Job Acls affect Queue Acls > -------------------------- > > Key: MAPREDUCE-1664 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-1664 > Project: Hadoop Map/Reduce > Issue Type: Bug > Components: security > Affects Versions: 0.22.0 > Reporter: Ravi Gummadi > Assignee: Ravi Gummadi > Fix For: 0.22.0 > > Attachments: 1664.20S.3.4.patch, 1664.patch, > 1664.qAdminsJobView.20S.v1.6.patch, 1664.v1.patch, M1664y20s-testfix.patch, > mr-1664-20-bugfix.patch > > > MAPREDUCE-1307 introduced job ACLs for securing job level operations. So in > current trunk, queue ACLs and job ACLs are checked(with AND for both acls) > for allowing job level operations. So for doing operations like killJob, > killTask and setJobPriority user should be part of both > mapred.queue.{queuename}.acl-administer-jobs and in > mapreduce.job.acl-modify-job. This needs to change so that users who are part > of mapred.queue.{queuename}.acl-administer-jobs will be able to do > killJob,killTask,setJobPriority and users part of > mapreduce.job.acl-modify-job will be able to do > killJob,killTask,setJobPriority. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.