Github user andrewor14 commented on a diff in the pull request:
https://github.com/apache/spark/pull/509#discussion_r11916240
--- Diff: core/src/main/scala/org/apache/spark/SecurityManager.scala ---
@@ -139,13 +139,13 @@ private[spark] class SecurityManager(sparkConf:
SparkConf) extends Logging {
private val sparkSecretLookupKey = "sparkCookie"
private val authOn = sparkConf.getBoolean("spark.authenticate", false)
- private val uiAclsOn = sparkConf.getBoolean("spark.ui.acls.enable",
false)
+ private var uiAclsOn = sparkConf.getBoolean("spark.ui.acls.enable",
false)
--- End diff --
Correct me if I'm wrong, but right now the semantics are as follows: If the
user manually calls `setUIAcls`, the UI ignores `spark.ui.acls.enable` even if
it's false. This is a little confusing to me. It seems that
`spark.ui.acls.enable` should be the ultimate stopper for whether ACLs should
be enabled for the UI at all. If this is set to false, then we should obey it.
This is the semantics of `spark.eventLog.enabled`, for example. There's no
other way to enable event logging other than setting the flag. I think the user
may be a little confused if they explicitly set `spark.ui.acls.enable` to false
but somehow there are still ACLs on their UIs.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
