Thomas Graves commented on YARN-3517:

+      // non-secure mode with no acls enabled
+      if (!isAdmin && !UserGroupInformation.isSecurityEnabled()
+          && !adminACLsManager.areACLsEnabled()) {
+        isAdmin = true;
+      }
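Review bot: the `!isAdmin &&` term in this condition is redundant, because the body only assigns `isAdmin = true`, so dropping it makes the check easier to read. The code comment should also state that this branch treats every caller as an admin when ACLs are not enabled, so that it is clear from the source that leaving the restricted action open to all users in that configuration is intended.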

We don't need the isSecurityEnabled check; just keep the one for 
areAclsEnabled. This could be combined with the previous if (make this the else 
if part), but that isn't a big deal.

In QueuesBlock we are creating the AdminACLsManager every web page load. 
Perhaps a better way would be to use this.rm.getApplicationACLsManager() 
and extend the ApplicationAclsManager to expose an isAdmin functionality.

> RM web ui for dumping scheduler logs should be for admins only
> --------------------------------------------------------------
>                 Key: YARN-3517
>                 URL: https://issues.apache.org/jira/browse/YARN-3517
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager, security
>    Affects Versions: 2.7.0
>            Reporter: Varun Vasudev
>            Assignee: Varun Vasudev
>            Priority: Blocker
>              Labels: security
>         Attachments: YARN-3517.001.patch, YARN-3517.002.patch, 
> YARN-3517.003.patch
> YARN-3294 allows users to dump scheduler logs from the web UI. This should be 
> for admins only.
