bradley childs created HADOOP-9999:
--------------------------------------
Summary: allow access to the DFS job submission + staging
directory by members of the job submitters group
Key: HADOOP-9999
URL: https://issues.apache.org/jira/browse/HADOOP-9999
Project: Hadoop Common
Issue Type: Bug
Affects Versions: 2.0.5-alpha
Environment: linux
Reporter: bradley childs
The job submission and staging directories are explicitly given 0700
permissions restricting access of job submission files only to the submitter
UID. this prevents hadoop daemon services running under different UIDs from
reading the job submitters files. it is common unix practice to run daemon
services under their own UIDs for security purposes.
This bug can be demonstrated by creating a single node configuration, which
runs LocalFileSystem and not HDFS. Create two users and add them to a 'hadoop'
group. Start the hadoop services with one of the users, then submit a
map/reduce job with the other user (or run one of the examples). Job
submission ultimately fails and the M/R job doesn't execute.
The fix is simple enough and secure-- change the staging directory permissions
to 2750. i have demonstrated the patch against 2.0.5 (along with another fix
for an incorrect decimal->octal conversion) and will attach the patch.
this bug is present since very early versions. i would like to fix it at the
lowest level as it's a simple file mode change in all versions, and localized
to one file. is this possible?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
