[
https://issues.apache.org/jira/browse/MAPREDUCE-6567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15051772#comment-15051772
]
Daniel Templeton commented on MAPREDUCE-6567:
---------------------------------------------
The syntax proposed in the patch should not work. The accepted syntax is:
{{user1[,user2[...[,userN]]] group1[,group2[...[groupN]]]}}. If the entire
user or group section is {{*}}, it allows all access, e.g. {{user *}} or {{*
group}} or just {{*}}. See
https://www.codatlas.com/github.com/apache/hadoop/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java?line=105.
> mapreduce ACLs documentation shows incorrect syntax
> ---------------------------------------------------
>
> Key: MAPREDUCE-6567
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-6567
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: documentation
> Reporter: Dustin Cote
> Assignee: Dustin Cote
> Priority: Minor
> Attachments: MAPREDUCE-6567-1.patch
>
>
> The description of the mapreduce.job.acl-* in the mapred-default.xml shows
> the wrong syntax.
> {quote}
> For specifying a list of users and groups the format to use is "user1,user2
> group1,group". If set to '*', it allows all users/groups to modify this job.
> {quote}
> This doesn't actually work. The syntax that does work:
> {quote}
> For specifying a list of users and groups the format to use is "user1,user2
> group1,* group". If set to '*', it allows all users/groups to modify this job.
> {quote}
> The difference being that to make all members of a group have permissions for
> an ACL, the specification must be '* group' not just 'group'.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
