svn commit: r1345308 - in /hadoop/common/branches/branch-1: CHANGES.txt conf/hadoop-env.sh.template src/docs/src/documentation/content/xdocs/cluster_setup.xml

[bobby]

Author: bobby
Date: Fri Jun  1 18:21:18 2012
New Revision: 1345308

URL: http://svn.apache.org/viewvc?rev=1345308&view=rev
Log:
HADOOP-8460. Document proper setting of HADOOP_PID_DIR and 
HADOOP_SECURE_DN_PID_DIR (bobby)

Modified:
    hadoop/common/branches/branch-1/CHANGES.txt
    hadoop/common/branches/branch-1/conf/hadoop-env.sh.template
    
hadoop/common/branches/branch-1/src/docs/src/documentation/content/xdocs/cluster_setup.xml

Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1345308&r1=1345307&r2=1345308&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Fri Jun  1 18:21:18 2012
@@ -13,6 +13,9 @@ Release 1.2.0 - unreleased
     HADOOP-8445. Token should not print the password in toString
     (Ravi Prakash via tgraves)
 
+    HADOOP-8460. Document proper setting of HADOOP_PID_DIR and
+    HADOOP_SECURE_DN_PID_DIR (bobby)
+
 Release 1.1.0 - unreleased
 
   INCOMPATIBLE CHANGES

Modified: hadoop/common/branches/branch-1/conf/hadoop-env.sh.template
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/conf/hadoop-env.sh.template?rev=1345308&r1=1345307&r2=1345308&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/conf/hadoop-env.sh.template (original)
+++ hadoop/common/branches/branch-1/conf/hadoop-env.sh.template Fri Jun  1 
18:21:18 2012
@@ -45,6 +45,9 @@ export HADOOP_JOBTRACKER_OPTS="-Dcom.sun
 # export HADOOP_SLAVE_SLEEP=0.1
 
 # The directory where pid files are stored. /tmp by default.
+# NOTE: this should be set to a directory that can only be written to by 
+#       the users that are going to run the hadoop daemons.  Otherwise there is
+#       the potential for a symlink attack.
 # export HADOOP_PID_DIR=/var/hadoop/pids
 
 # A string representing this instance of hadoop. $USER by default.

Modified: 
hadoop/common/branches/branch-1/src/docs/src/documentation/content/xdocs/cluster_setup.xml
URL: 
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/docs/src/documentation/content/xdocs/cluster_setup.xml?rev=1345308&r1=1345307&r2=1345308&view=diff
==============================================================================
--- 
hadoop/common/branches/branch-1/src/docs/src/documentation/content/xdocs/cluster_setup.xml
 (original)
+++ 
hadoop/common/branches/branch-1/src/docs/src/documentation/content/xdocs/cluster_setup.xml
 Fri Jun  1 18:21:18 2012
@@ -122,6 +122,11 @@
           <p>At the very least you should specify the
           <code>JAVA_HOME</code> so that it is correctly defined on each
           remote node.</p>
+
+          <p>In most cases you should also specify <code>HADOOP_PID_DIR</code>
+          to point a directory that can only be written to by the users that
+          are going to run the hadoop daemons.  Otherwise there is the
+          potential for a symlink attack.</p>
           
           <p>Administrators can configure individual daemons using the
           configuration options <code>HADOOP_*_OPTS</code>. Various options