[
https://issues.apache.org/jira/browse/YARN-6842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16106154#comment-16106154
]
YunFan Zhou commented on YARN-6842:
-----------------------------------
But there is a security risk that you can see. Users can kill other users'
applications through the RM Web UI.
The https://issues.apache.org/jira/browse/YARN-6890 JIRA is a solution to this
problem.
I think this solution is not perfect because it simply limits how users can
kill other users' applications through the RM Web UI. But there is no limit on
how users can kill other users' applications through the CLI.
My solution is more perfect: I'm setting *yarn.acl.enable* to true and
setting *yarn.admin.acl* to the administrator. This means that if the user
is not the administrator of the queue that the application was submitted to,
they cannot kill other users' applications, neither through the RM Web UI nor
through the CLI (bin/application -kill XXX).
But doing so requires a compromise, and we need to provide a queue *VIEW_APP*
privilege.
For users who want to access all queues' applications using the RM Web UI, you
can grant them the *VIEW_APP* permission of the root queue.
Of course, administrators can also grant certain users *VIEW_APP*
permissions on certain queues.
I think my solution is perfect, and it does bring a lot of benefits.
I think at least I can replace the solution of
https://issues.apache.org/jira/browse/YARN-6890.
Some thoughts.
> Implement a new access type for queue
> -------------------------------------
>
> Key: YARN-6842
> URL: https://issues.apache.org/jira/browse/YARN-6842
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: scheduler
> Affects Versions: 2.8.2
> Reporter: YunFan Zhou
> Assignee: YunFan Zhou
> Attachments: YARN-6842.001.patch, YARN-6842.002.patch,
> YARN-6842.003.patch
>
>
> When we want to access the applications of a queue, the only thing we can do
> at present is become the administrator of the queue.
> But sometimes we only want to authorize someone to view the applications of a
> queue, not to perform modify operations.
> In our current mechanism there isn't any way to meet this need, so I will
> implement a new access type for queues to solve
> this problem.
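
The access model discussed in the comment above, as an added example that is not part of the original message or the YARN code base: one server-side check decides both view and kill requests, so the Web UI and the CLI get the same answer, and a VIEW_APP grant on the root queue carries down to every child queue. The queue names, users, ACL contents and function names are constructed assumptions; VIEW_APP is the access type this issue proposes.

```python
from dataclasses import dataclass

# Constructed sample policy (assumption): users, queues and grants are invented.
CLUSTER_ADMINS = {"yarnadmin"}           # models the yarn.admin.acl setting
QUEUE_ACLS = {                           # queue path -> access type -> users
    "root":       {"VIEW_APP": {"auditor"}},
    "root.etl":   {"ADMINISTER_QUEUE": {"etl_lead"}},
    "root.adhoc": {"VIEW_APP": {"carol"}},
}


@dataclass(frozen=True)
class App:
    app_id: str
    owner: str
    queue: str


def has_queue_access(user, queue, access):
    """True if `user` holds `access` on `queue` or on any ancestor queue."""
    parts = queue.split(".")
    for depth in range(len(parts), 0, -1):
        path = ".".join(parts[:depth])
        if user in QUEUE_ACLS.get(path, {}).get(access, set()):
            return True
    return False


def authorize(user, app, action, acl_enabled=True):
    """One decision for every entry point (RM Web UI or CLI).

    `action` is "view" or "kill". With acl_enabled=False (models
    yarn.acl.enable=false) nothing is checked, which is the risk described.
    """
    if not acl_enabled:
        return True
    if user == app.owner or user in CLUSTER_ADMINS:
        return True
    if has_queue_access(user, app.queue, "ADMINISTER_QUEUE"):
        return True
    if action == "view":
        return has_queue_access(user, app.queue, "VIEW_APP")
    return False  # kill: owner, cluster admin or queue administrator only
```
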