Eric Yang created YARN-8583:
-------------------------------
Summary: Inconsistency in YARN status command
Key: YARN-8583
URL: https://issues.apache.org/jira/browse/YARN-8583
Project: Hadoop YARN
Issue Type: Improvement
Reporter: Eric Yang
YARN app -status command can report base on application ID or application name
with some usability limitation. Application ID is globally unique, and it
allows any user to query application status of any application. Application
name is not globally unique, and it will only work for querying user's own
application. This is somewhat restrictive for application administrator, but
allowing other user to query any other user's application could consider a
security hole as well. There are two possible options to reduce the
inconsistency:
Option 1. Block other user from query application status. This may improve
security in some sense, but it is an incompatible change. This is a simpler
change by matching the owner of the application, and decide to report or not
report.
Option 2. Add --user parameter to allow administrator to query application
name ran by other user. This is a bigger change because application metadata
is stored in user's own hdfs directory. There are security restriction that
need to be defined.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
