[
https://issues.apache.org/jira/browse/HADOOP-1873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12546459
]
Doug Cutting commented on HADOOP-1873:
--------------------------------------
> We only need a single group.
Sorry. I was mistaken. I assumed that the owner could change the group to a
group that they're not a member of, but in fact that's not permitted. Oops.
So perhaps the system dir can be world-writable but not world-readable or
executable? Then users can add files to it when they're submitting jobs, but
other users cannot read those files? Could that work? My hope is to avoid
having the jobtracker and tasktracker assume the user's identity if possible,
but still make it so that a users job submissions are not publicly readable.
> User permissions for Map/Reduce
> -------------------------------
>
> Key: HADOOP-1873
> URL: https://issues.apache.org/jira/browse/HADOOP-1873
> Project: Hadoop
> Issue Type: Improvement
> Reporter: Raghu Angadi
> Assignee: Hairong Kuang
>
> HADOOP-1298 and HADOOP-1701 add permissions and pluggable security for DFS
> files and DFS accesses. Same users permission should work for Map/Reduce jobs
> as well.
> User persmission should propegate from client to map/reduce tasks and all the
> file operations should be subject to user permissions. This is transparent to
> the user (i.e. no changes to user code should be required).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
