[ 
https://issues.apache.org/jira/browse/YARN-9039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16694652#comment-16694652
 ] 

Bibin A Chundatt commented on YARN-9039:
----------------------------------------

[~suma.shivaprasad]

The user who started the process is supposed to be an admin user; IIUC that's the reason we add 
{{adminAcl.addUser(owner.getShortUserName());}}

This could break that, right? IIUC ApplicationACLManager should be initialized by 
the abstract services only, right?

About S3, I haven't analyzed that part much. 

{quote}
while testing with S3, unless there are object level ACLs, any user can access 
any other user's logs if this change is not done.
{quote}
Even if we add the ACL check, we are restricting only LogAggregationFileReader.
Users are always allowed to read data directly from the object store and read it 
using custom readers, right? If bucket access is available ..



> App ACLs are not validated when serving logs from Logs CLI/Yarn UI2
> -------------------------------------------------------------------
>
>                 Key: YARN-9039
>                 URL: https://issues.apache.org/jira/browse/YARN-9039
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: log-aggregation
>            Reporter: Suma Shivaprasad
>            Assignee: Suma Shivaprasad
>            Priority: Critical
>         Attachments: YARN-9039.1.patch, YARN-9039.2.patch
>
>
> App Acls are not being validated when serving logs through YARN CLI. 
> This also applies while serving logs through YARN UIV2 through ATSV2 Log 
> Webservice


