BELUGA BEHR created HADOOP-12644:
------------------------------------
Summary: Access Control List Syntax
Key: HADOOP-12644
URL: https://issues.apache.org/jira/browse/HADOOP-12644
Project: Hadoop Common
Issue Type: Improvement
Components: security
Reporter: BELUGA BEHR
Priority: Minor
Hello,
I was recently learning about the configuration option
"mapreduce.job.acl-view-job." I was looking at the syntax and the code. I
would like to suggest some improvements.
??the format to use is "user1,user2 group1,group". If set to '*', it allows all
users/groups to modify this job. If set to ' '(i.e. space), it allows none.??
In reality though, the code is written to split the line on the first space it
finds. So:
user1,user2 group1, group2 will work.
(user1,user2),(group1, group2)
user1, user2 group1,group does not work:
(user1,),(user2 group1, group2)
Also, there are many ways to specify "all":
"*"
" *"
"* "
"* *"
"user1,user2 *"
"* group1,group2"
I would like to see the code more strictly enforce what is written in the
documentation. This will guard against configuration mistakes. If the input
does not match the syntax, an error should be produced and made available in
the logs. The use of a semi-colon as a delimiter is advisable so that any
white-space in the list of users or groups can simply be ignore.
||mapreduce.job.acl-view-job||Meaning||
|"*"|All access|
|" "|No access|
|"user1;"|User-only access|
|";group1"|Group-only access|
|"user1;group1"|User & Group access|
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
