[ https://issues.apache.org/jira/browse/YARN-6811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16115099#comment-16115099 ]

Hudson commented on YARN-6811:
------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #12122 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/12122/])
YARN-6811. [ATS1.5] All history logs should be kept under its own User 
(junping_du: rev f44b349b813508f0f6d99ca10bddba683dedf6c4)
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timeline-pluginstorage/src/main/java/org/apache/hadoop/yarn/server/timeline/EntityGroupFSTimelineStore.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/FileSystemTimelineWriter.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineClientForATS1_5.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timeline-pluginstorage/src/test/java/org/apache/hadoop/yarn/server/timeline/TestEntityGroupFSTimelineStore.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml


> [ATS1.5]  All history logs should be kept under its own User Directory.
> -----------------------------------------------------------------------
>
>                 Key: YARN-6811
>                 URL: https://issues.apache.org/jira/browse/YARN-6811
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: timelineclient, timelineserver
>            Reporter: Rohith Sharma K S
>            Assignee: Rohith Sharma K S
>         Attachments: YARN-6811.01.patch, YARN-6811.02.patch
>
>
> ATS1.5 allows history data to be stored in underlying FileSystem folder paths, i.e. 
> */active-dir* and */done-dir*. These base directories are protected against 
> unauthorized user access to other users' data by setting the sticky bit on 
> /active-dir. 
> But object store filesystems such as WASB do not have user access control 
> on folders and files. When WASB is used as the underlying file system for 
> ATS1.5, the history data stored in the FS is accessible to all users. 
> *This would be a security risk.*
> I would propose keeping history data under its own user directory, i.e. 
> */active-dir/$USER*. Even this does not solve basic user access from the FS, but it 
> provides the capability to plug in Apache Ranger policies for each user folder. 
> One thing to note is that setting policies on each user folder is the admin's 
> responsibility. But grouping all history data in one user folder allows 
> policies to be set so that user access control is achieved. 


