[ https://issues.apache.org/jira/browse/MAPREDUCE-5571?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron T. Myers moved HADOOP-9999 to MAPREDUCE-5571: --------------------------------------------------- Affects Version/s: (was: 2.0.5-alpha) (was: 1.2.1) 1.2.1 2.0.5-alpha Key: MAPREDUCE-5571 (was: HADOOP-9999) Project: Hadoop Map/Reduce (was: Hadoop Common) > allow access to the DFS job submission + staging directory by members of the > job submitters group > ------------------------------------------------------------------------------------------------- > > Key: MAPREDUCE-5571 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-5571 > Project: Hadoop Map/Reduce > Issue Type: Bug > Affects Versions: 2.0.5-alpha, 1.2.1 > Environment: linux > Reporter: bradley childs > Attachments: HADOOP-1.2-PERM.patch, hadoop-2.0.5-perm.patch > > > The job submission and staging directories are explicitly given 0700 > permissions restricting access of job submission files only to the submitter > UID. this prevents hadoop daemon services running under different UIDs from > reading the job submitters files. it is common unix practice to run daemon > services under their own UIDs for security purposes. > This bug can be demonstrated by creating a single node configuration, which > runs LocalFileSystem and not HDFS. Create two users and add them to a > 'hadoop' group. Start the hadoop services with one of the users, then submit > a map/reduce job with the other user (or run one of the examples). Job > submission ultimately fails and the M/R job doesn't execute. > The fix is simple enough and secure-- change the staging directory > permissions to 2750. i have demonstrated the patch against 2.0.5 (along > with another fix for an incorrect decimal->octal conversion) and will attach > the patch. > this bug is present since very early versions. i would like to fix it at the > lowest level as it's a simple file mode change in all versions, and > localized to one file. is this possible? -- This message was sent by Atlassian JIRA (v6.1#6144)