[ https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13136855#comment-13136855 ]
Hudson commented on MAPREDUCE-3175: ----------------------------------- Integrated in Hadoop-Mapreduce-0.23-Commit #67 (See [https://builds.apache.org/job/Hadoop-Mapreduce-0.23-Commit/67/]) Merge -c 1189619 from trunk to branch-0.23 to fix MAPREDUCE-3175. acmurthy : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1189628 Files : * /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/CHANGES.txt * /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/security/AdminACLsManager.java * /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java * /hadoop/common/branches/branch-0.23/hadoop-mapreduce-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/security/ApplicationACLsManager.java > Yarn httpservers not created with access Control lists > ------------------------------------------------------ > > Key: MAPREDUCE-3175 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175 > Project: Hadoop Map/Reduce > Issue Type: Sub-task > Components: mrv2 > Affects Versions: 0.23.0 > Reporter: Thomas Graves > Assignee: Jonathan Eagles > Priority: Blocker > Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, > MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, MAPREDUCE-3175.patch > > > RM, NM, job history, and application master httpservers are not created with > access Control lists. I believe this means that anyone can access any of the > standard servlets that check to see if the user has administrator access - > like /jmx, /stacks, etc and ops has no way to restrict access to these things. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira