[ https://issues.apache.org/jira/browse/HADOOP-4491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12735175#action_12735175 ]
Owen O'Malley commented on HADOOP-4491:
---------------------------------------
After a little playing around with Linux, it looks like it blocks using hard
links for directories, even for root. *frown*

That leaves us two options for dealing with the logs directory:

1. Create the files and make hard links on the files and make sure the files
   are appended to.
2. Use ACLs on the directories to limit access to just the mapred and job
   user.

I'm leaning toward the second one.
{noformat}
$ttroot - mapred, 755
  |
  |- jobs - mapred 755
  |   |
  |   '-- $jobid - mapred 700 + rw access by $user
  |        |
  |        |- distcache - mapred 755
  |        |- jars - mapred 755
  |        |   '-- job.jar
  |        `-- $attemptid - mapred 755
  |             |- job.xml
  |             |- taskjvm.sh
  |             |- work - $user 700
  |             |- logs - $user 755
  |             `-- output - $user 755
  '-- system
       |
       `-- $jobid
            |
            |- job.xml
{noformat}
So all of the protection is at the $jobid level. The user only has write access
to the work, logs, and output directories.
Thoughts?
> Per-job local data on the TaskTracker node should have right access-control
> ---------------------------------------------------------------------------
>
> Key: HADOOP-4491
> URL: https://issues.apache.org/jira/browse/HADOOP-4491
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Arun C Murthy
> Assignee: Vinod K V
> Attachments: HADOOP-4491-20090623-common.1.txt,
> HADOOP-4491-20090623-mapred.1.txt, HADOOP-4491-20090703-common.1.txt,
> HADOOP-4491-20090703-common.txt, HADOOP-4491-20090703.1.txt,
> HADOOP-4491-20090703.txt, HADOOP-4491-20090707-common.txt,
> HADOOP-4491-20090707.txt, HADOOP-4491-20090716-mapred.txt
>
>
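
Added example, not part of the original comment or of Hadoop's code: a small Python model of the proposed layout that checks which users can reach and write each directory, showing that the 700 mode on $jobid is what keeps other users out of the 755 directories beneath it. It assumes a simplified permission check (owner bits, one named-user ACL entry, other bits; no groups or ACL mask), the placeholder names alice, bob, job_1 and attempt_1, and an r-x ACL entry for the job user on $jobid.

```python
# Added example: simplified model of the proposed layout (owner bits, one
# optional named-user ACL entry, "other" bits; groups and ACL mask ignored).
R, W, X = 4, 2, 1

# path -> (owner, mode, {acl_user: perms}); "alice" stands in for $user,
# job_1 for $jobid, attempt_1 for $attemptid (all constructed names).
# Assumption: the ACL on $jobid is r-x (search is needed to traverse it).
LAYOUT = {
    "ttroot":                             ("mapred", 0o755, {}),
    "ttroot/jobs":                        ("mapred", 0o755, {}),
    "ttroot/jobs/job_1":                  ("mapred", 0o700, {"alice": R | X}),
    "ttroot/jobs/job_1/distcache":        ("mapred", 0o755, {}),
    "ttroot/jobs/job_1/jars":             ("mapred", 0o755, {}),
    "ttroot/jobs/job_1/attempt_1":        ("mapred", 0o755, {}),
    "ttroot/jobs/job_1/attempt_1/work":   ("alice", 0o700, {}),
    "ttroot/jobs/job_1/attempt_1/logs":   ("alice", 0o755, {}),
    "ttroot/jobs/job_1/attempt_1/output": ("alice", 0o755, {}),
}

def perms_for(path, user):
    """Permission bits that apply to `user` on one directory."""
    owner, mode, acl = LAYOUT[path]
    if user == owner:
        return (mode >> 6) & 7
    if user in acl:
        return acl[user]
    return mode & 7

def can(user, path, want):
    """True if user can search every ancestor and holds `want` on path."""
    parts = path.split("/")
    for i in range(1, len(parts)):
        if not perms_for("/".join(parts[:i]), user) & X:
            return False
    return perms_for(path, user) & want == want

def writable_dirs(user):
    """Directories in which `user` can create or remove entries."""
    return sorted(p for p in LAYOUT if can(user, p, W | X))

if __name__ == "__main__":
    logs = "ttroot/jobs/job_1/attempt_1/logs"
    for u in ("mapred", "alice", "bob"):
        print(u, "read logs:", can(u, logs, R | X), "writable:", writable_dirs(u))
```
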