BELUGA BEHR created HADOOP-12644: ------------------------------------ Summary: Access Control List Syntax Key: HADOOP-12644 URL: https://issues.apache.org/jira/browse/HADOOP-12644 Project: Hadoop Common Issue Type: Improvement Components: security Reporter: BELUGA BEHR Priority: Minor
Hello, I was recently learning about the configuration option "mapreduce.job.acl-view-job." I was looking at the syntax and the code. I would like to suggest some improvements. ??the format to use is "user1,user2 group1,group". If set to '*', it allows all users/groups to modify this job. If set to ' '(i.e. space), it allows none.?? In reality though, the code is written to split the line on the first space it finds. So: user1,user2 group1, group2 will work. (user1,user2),(group1, group2) user1, user2 group1,group does not work: (user1,),(user2 group1, group2) Also, there are many ways to specify "all": "*" " *" "* " "* *" "user1,user2 *" "* group1,group2" I would like to see the code more strictly enforce what is written in the documentation. This will guard against configuration mistakes. If the input does not match the syntax, an error should be produced and made available in the logs. The use of a semi-colon as a delimiter is advisable so that any white-space in the list of users or groups can simply be ignore. ||mapreduce.job.acl-view-job||Meaning|| |"*"|All access| |" "|No access| |"user1;"|User-only access| |";group1"|Group-only access| |"user1;group1"|User & Group access| -- This message was sent by Atlassian JIRA (v6.3.4#6332)