[ https://issues.apache.org/jira/browse/HADOOP-1873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12546415 ]

Hairong Kuang commented on HADOOP-1873:
---------------------------------------

> Will we permit per-file permissions? Wasn't there some discussion that we 
> should only support per-directory permissions?
Yes, we do support per-file permission. The only things that we do not support 
are sticky bits and executable file permission.

> There are two entities which must be able to read job files: the 
> jobtracker/tasktracker and the submitter. It seems to me this can be handled 
> by setting the group to be the jobtracker/tasktracker group, and the owner to 
> be the submitter. Then they should be readable by user and group but not 
> world. The group of jobtracker/tasktracker could perhaps be returned by a 
> JobClient method.

Most of the dfs users are also map/reduce users. So using the jobtracker/tasktracker 
group is almost equivalent to world-wide readable. Secondly, dfs does not 
support creating groups. All the group and user names are fetched from unix. 
So it is quite a burden to create a jobtracker/tasktracker group for every 
mapreduce user in Unix.


> User permissions for Map/Reduce
> -------------------------------
>
>                 Key: HADOOP-1873
>                 URL: https://issues.apache.org/jira/browse/HADOOP-1873
>             Project: Hadoop
>          Issue Type: Improvement
>            Reporter: Raghu Angadi
>            Assignee: Hairong Kuang
>
> HADOOP-1298 and HADOOP-1701 add permissions and pluggable security for DFS 
> files and DFS accesses. Same users permission should work for Map/Reduce jobs 
> as well. 
> User permission should propagate from client to map/reduce tasks and all the 
> file operations should be subject to user permissions. This is transparent to 
> the user (i.e. no changes to user code should be required). 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
