[
https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14509152#comment-14509152
]
Thomas Graves commented on YARN-3517:
-------------------------------------
+ // non-secure mode with no acls enabled
+ if (!isAdmin && !UserGroupInformation.isSecurityEnabled()
+ && !adminACLsManager.areACLsEnabled()) {
+ isAdmin = true;
+ }
+
We don't need the isSecurityEnabled check, just keep the one for
areAclsEnabled. This could be combined with the previous if, make this the else
if part but that isn't a big deal.
in QueuesBlock we are creating the AdminACLsManager every web page load.
Perhaps a better way would be to use the this.rm.getApplicationACLsManager()
and extend the ApplicationAclsManager to explose an isAdmin functionality
> RM web ui for dumping scheduler logs should be for admins only
> --------------------------------------------------------------
>
> Key: YARN-3517
> URL: https://issues.apache.org/jira/browse/YARN-3517
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager, security
> Affects Versions: 2.7.0
> Reporter: Varun Vasudev
> Assignee: Varun Vasudev
> Priority: Blocker
> Labels: security
> Attachments: YARN-3517.001.patch, YARN-3517.002.patch,
> YARN-3517.003.patch
>
>
> YARN-3294 allows users to dump scheduler logs from the web UI. This should be
> for admins only.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
