[jira] [Reopened] (MAPREDUCE-5475) MRClientService does not verify ACLs properly
[ https://issues.apache.org/jira/browse/MAPREDUCE-5475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason Lowe reopened MAPREDUCE-5475: --- Reverting this again... With YARN-707 users can see their own jobs again, but other users can still kill them because the token user is always the app submitter, and the AM sees all authenticated client connections coming from that user. MRClientService does not verify ACLs properly - Key: MAPREDUCE-5475 URL: https://issues.apache.org/jira/browse/MAPREDUCE-5475 Project: Hadoop Map/Reduce Issue Type: Bug Components: mr-am, mrv2 Affects Versions: 2.0.4-alpha, 0.23.9 Reporter: Jason Lowe Assignee: Jason Lowe Priority: Blocker Fix For: 2.1.1-beta Attachments: MAPREDUCE-5475.branch-0.23.patch, MAPREDUCE-5475.patch When MRClientService receives requests, it calls verifyAndGetJob which does not actually validate that the current user has the proper access. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Reopened] (MAPREDUCE-5475) MRClientService does not verify ACLs properly
[ https://issues.apache.org/jira/browse/MAPREDUCE-5475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jason Lowe reopened MAPREDUCE-5475: --- Reopening, as this appears to be causing problems on a secure cluster. Getting exceptions on the job submission client after the job starts running and it tries to connect to monitor the job: 13/08/22 18:51:59 ERROR security.UserGroupInformation: PriviledgedActionException as:x@y (auth:KERBEROS) cause:java.io.IOException: org.apache.hadoop.security.AccessControlException: User appattempt_1377189855273_0006_01 cannot perform operation VIEW_JOB Will revert the change for now until we better understand what's going on. MRClientService does not verify ACLs properly - Key: MAPREDUCE-5475 URL: https://issues.apache.org/jira/browse/MAPREDUCE-5475 Project: Hadoop Map/Reduce Issue Type: Bug Components: mr-am, mrv2 Affects Versions: 2.0.4-alpha, 0.23.9 Reporter: Jason Lowe Assignee: Jason Lowe Priority: Blocker Fix For: 2.1.1-beta Attachments: MAPREDUCE-5475.branch-0.23.patch, MAPREDUCE-5475.patch When MRClientService receives requests, it calls verifyAndGetJob which does not actually validate that the current user has the proper access. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira