[
https://issues.apache.org/jira/browse/HADOOP-3578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607859#action_12607859
]
Owen O'Malley commented on HADOOP-3578:
---------------------------------------
Ok, some more details...
I'd suggest using:
system dir: perm = rwxr-xr-x, owner = mapreduce
job dir: perm = rwx------, owner = job owner
the job client would create the jobdir in the staging directory, which is in
the user's home directory on the file system with the system dir on it.
When the job is submitted, we send the jobconf over rpc by making Configuration
implement Writable. This will allow the job tracker to load the job conf
without being a super user.
Now the job tracker uses the credentials in the jobconf to move the directory
under the system dir. This way, we get:
* the job tracker is not a super user
* users can not read the jobdir of other users
* users do not have permissions to write into the system dir
* the jobdir is written only once by the jobclient
* it is not a big change to the current job tracker / job client
thoughts?
> mapred.system.dir should be accessible only to hadoop daemons
> --------------------------------------------------------------
>
> Key: HADOOP-3578
> URL: https://issues.apache.org/jira/browse/HADOOP-3578
> Project: Hadoop Core
> Issue Type: Bug
> Components: mapred
> Reporter: Amar Kamat
>
> Currently the jobclient accesses the {{mapred.system.dir}} to add job
> details. Hence the {{mapred.system.dir}} has the permissions of
> {{rwx-wx-wx}}. This could be a security loophole where the job files might
> get overwritten/tampered after the job submission.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
