[
https://issues.apache.org/jira/browse/YARN-9445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16812881#comment-16812881
]
Tan, Wangda commented on YARN-9445:
-----------------------------------
[~shuzirra], [~snemeth],
Changing yarn.admin.acl could cause some more security issues (like allowing
cluster ops to run jobs and consume all the resources which they're disallowed
before), and it is an incompatible change to me. I suggest to not do that.
Changing default value of admin.acl and queue acls are also incompatible
changes, but the later ones are important since they can potentially prevent
cluster being hacked. It's better to start an email thread to discuss.
> yarn.admin.acl is futile
> ------------------------
>
> Key: YARN-9445
> URL: https://issues.apache.org/jira/browse/YARN-9445
> Project: Hadoop YARN
> Issue Type: Bug
> Components: security
> Affects Versions: 3.3.0
> Reporter: Peter Simon
> Assignee: Gergely Pollak
> Priority: Major
> Attachments: YARN-9445.001.patch
>
>
> * Define a queue with restrictive administerApps settings (e.g. yarn)
> * Set yarn.admin.acl to "*".
> * Try to submit an application with user yarn, it is denied.
> This way my expected behaviour would be that while everyone is admin, I can
> submit to whatever pool.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
