[
https://issues.apache.org/jira/browse/MAPREDUCE-3903?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13219243#comment-13219243
]
Thomas Graves commented on MAPREDUCE-3903:
------------------------------------------
Thanks for the review Sid. I'll update the patch with the debug call changed.
I will also go ahead and turn the yarn acls off by default to so they match
mapred settings.
All the cli commands should be consistent - they all use the yarn acls. They
all go through the invoke->getProxy() path which gets an application report,
which does the yarn acl checks.
But yes if yarn acls are on and mapred acls are off, it will still check yarn
acls and enforce them when viewing/killing a mapred job via the cli, but if you
go through the web apps it won't check acls because it only uses the mapred
acls.
> no admin override to view jobs on mr app master and job history server
> ----------------------------------------------------------------------
>
> Key: MAPREDUCE-3903
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3903
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: mrv2
> Affects Versions: 0.23.2
> Reporter: Thomas Graves
> Assignee: Thomas Graves
> Priority: Critical
> Attachments: MAPREDUCE-3903.patch, MAPREDUCE-3903.patch
>
>
> in 1.0 there was a config mapreduce.cluster.administrators that allowed
> administrators to view anyones job. That no longer works on yarn.
> yarn has the new config yarn.admin.acl but it appears the mr app master and
> job history server don't use that.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
