[ 
https://issues.apache.org/jira/browse/YARN-2973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14249543#comment-14249543
 ] 

Naganarasimha G R commented on YARN-2973:
-----------------------------------------

As per the description in the YARN documentation 
{quote}
"yarn.scheduler.capacity.root.<queue-path>.acl_submit_applications" 
 The ACL which controls who can submit applications to the given queue. If the 
given user/group has necessary ACLs on the given queue or one of the parent 
queues in the hierarchy they can submit applications. ACLs for this property 
are inherited from the parent queue if not specified.
{quote}
So basically ACL is union of all ACL's in the queue hierarchy
and there is a note : 
{quote}
Note: An ACL is of the form user1, user2spacegroup1, group2. The special value 
of * implies anyone. The special value of space implies no one. The default is 
* for the root queue if not specified.
{quote}
So jcsong2 can access all as by default root queue is * .
But i feel the default root queue permission should not be * and better to be 
taken as no rights (i.e. space) when acl's are enabled.
May be others can give opinion on this ...

> Capacity scheduler configuration ACLs not work.
> -----------------------------------------------
>
>                 Key: YARN-2973
>                 URL: https://issues.apache.org/jira/browse/YARN-2973
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: capacityscheduler
>    Affects Versions: 2.5.0
>         Environment: ubuntu 12.04, cloudera manager, cdh5.2.1
>            Reporter: Jimmy Song
>            Assignee: Rohith
>              Labels: acl, capacity-scheduler, yarn
>
> I follow this page to configure yarn: 
> http://archive.cloudera.com/cdh5/cdh/5/hadoop/hadoop-yarn/hadoop-yarn-site/CapacityScheduler.html.
>  
> I configured YARN to use capacity scheduler in yarn-site.xml with 
> yarn.resourcemanager.scheduler.class for 
> org.apache.hadoop.yarn.server.resourcemanager.scheduler.capacity.CapacityScheduler.
>  Then modified capacity-scheduler.xml,
> ___________________________________________________
> <?xml version="1.0"?>
> <configuration>
>   <property>
>     <name>yarn.scheduler.capacity.root.queues</name>
>     <value>default,extract,report,tool</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.state</name>
>     <value>RUNNING</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.default.acl_submit_applications</name>
>     <value>jcsong2, y2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.default.acl_administer_queue</name>
>     <value>jcsong2, y2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.default.capacity</name>
>     <value>35</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.extract.acl_submit_applications</name>
>     <value>jcsong2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.extract.acl_administer_queue</name>
>     <value>jcsong2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.extract.capacity</name>
>     <value>15</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.report.acl_submit_applications</name>
>     <value>y2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.report.acl_administer_queue</name>
>     <value>y2 </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.report.capacity</name>
>     <value>35</value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.tool.acl_submit_applications</name>
>     <value> </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.tool.acl_administer_queue</name>
>     <value> </value>
>   </property>
>   <property>
>     <name>yarn.scheduler.capacity.root.tool.capacity</name>
>     <value>15</value>
>   </property>
> </configuration>
> _______________________________________________
> I have enabled the acl in yarn-site.xml, but the user jcsong2 can submit 
> applications to every queue. The queue acl does't work! And the queue used 
> capacity more than it was configured! 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to