Hi all,

Is there a way to restrict job monitoring and management only to jobs
started by each individual user?
The basic scenario is:

1. Start a job under user1
2. Login as user2
3. hadoop job -list to retrieve job id
4. hadoop job -kill job_id
5. Job gets terminated....

Is there something that needs to be enabled to prevent that from happening?

Thanks
Serge

Kerberos

From: Serge Blazhievsky <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>>
Reply-To: <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>>
Date: Tue, 26 Feb 2013 15:29:08 -0800
To: <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>>
Subject: JobTracker security

Hi all,

Is there a way to restrict job monitoring and management only to jobs started by each individual user?
The basic scenario is:

1. Start a job under user1
2. Login as user2
3. hadoop job -list to retrieve job id
4. hadoop job -kill job_id
5. Job gets terminated....

Is there something that needs to be enabled to prevent that from happening?

Thanks
Serge

I am trying to not to use kerberos...

Is there other option?

Thanks
Serge

On Tue, Feb 26, 2013 at 3:31 PM, Patai Sangbutsarakum <
[EMAIL PROTECTED]> wrote:

>  Kerberos
>
>   From: Serge Blazhievsky <[EMAIL PROTECTED]>
> Reply-To: <[EMAIL PROTECTED]>
> Date: Tue, 26 Feb 2013 15:29:08 -0800
> To: <[EMAIL PROTECTED]>
> Subject: JobTracker security
>
>  Hi all,
>
>  Is there a way to restrict job monitoring and management only to jobs
> started by each individual user?
>
>
>  The basic scenario is:
>
>  1. Start a job under user1
> 2. Login as user2
> 3. hadoop job -list to retrieve job id
> 4. hadoop job -kill job_id
> 5. Job gets terminated....
>
>  Is there something that needs to be enabled to prevent that from
> happening?
>
>  Thanks
> Serge
>

Maybe restrict access to the hadoop file(s) to the user1?

2013/2/26 Serge Blazhievsky <[EMAIL PROTECTED]>:
> I am trying to not to use kerberos...
>
> Is there other option?
>
> Thanks
> Serge
>
>
> On Tue, Feb 26, 2013 at 3:31 PM, Patai Sangbutsarakum
> <[EMAIL PROTECTED]> wrote:
>>
>> Kerberos
>>
>> From: Serge Blazhievsky <[EMAIL PROTECTED]>
>> Reply-To: <[EMAIL PROTECTED]>
>> Date: Tue, 26 Feb 2013 15:29:08 -0800
>> To: <[EMAIL PROTECTED]>
>> Subject: JobTracker security
>>
>> Hi all,
>>
>> Is there a way to restrict job monitoring and management only to jobs
>> started by each individual user?
>>
>>
>> The basic scenario is:
>>
>> 1. Start a job under user1
>> 2. Login as user2
>> 3. hadoop job -list to retrieve job id
>> 4. hadoop job -kill job_id
>> 5. Job gets terminated....
>>
>> Is there something that needs to be enabled to prevent that from
>> happening?
>>
>> Thanks
>> Serge
>
>

hi Jean,

Do you mean input files for hadoop ? or hadoop directory?

Serge

On Tue, Feb 26, 2013 at 4:38 PM, Jean-Marc Spaggiari <
[EMAIL PROTECTED]> wrote:

> Maybe restrict access to the hadoop file(s) to the user1?
>
> 2013/2/26 Serge Blazhievsky <[EMAIL PROTECTED]>:
> > I am trying to not to use kerberos...
> >
> > Is there other option?
> >
> > Thanks
> > Serge
> >
> >
> > On Tue, Feb 26, 2013 at 3:31 PM, Patai Sangbutsarakum
> > <[EMAIL PROTECTED]> wrote:
> >>
> >> Kerberos
> >>
> >> From: Serge Blazhievsky <[EMAIL PROTECTED]>
> >> Reply-To: <[EMAIL PROTECTED]>
> >> Date: Tue, 26 Feb 2013 15:29:08 -0800
> >> To: <[EMAIL PROTECTED]>
> >> Subject: JobTracker security
> >>
> >> Hi all,
> >>
> >> Is there a way to restrict job monitoring and management only to jobs
> >> started by each individual user?
> >>
> >>
> >> The basic scenario is:
> >>
> >> 1. Start a job under user1
> >> 2. Login as user2
> >> 3. hadoop job -list to retrieve job id
> >> 4. hadoop job -kill job_id
> >> 5. Job gets terminated....
> >>
> >> Is there something that needs to be enabled to prevent that from
> >> happening?
> >>
> >> Thanks
> >> Serge
> >
> >
>

All right!

Thanks for advice!
Serge

On Tue, Feb 26, 2013 at 4:57 PM, Jean-Marc Spaggiari <
[EMAIL PROTECTED]> wrote:

> I mean the executable files. Or even the entire hadoop directory?
> People might still be able to install a local copy of hadoop and
> configure it to point to the same trackers, and then do the kill, but
> at least that will complicate the things a bit?
>
> If user1 and user2 are on different groups also, that might allow you
> to block some user2 actions against user1 processes? Also, you should
> take look to the "Security" chapter in "Hadoop: The Definitive Guide"
> and to the hadoop-policy.xml file (I never looked at this file, so
> maybe it's not at all related).
>
> 2013/2/26 Serge Blazhievsky <[EMAIL PROTECTED]>:
> > hi Jean,
> >
> > Do you mean input files for hadoop ? or hadoop directory?
> >
> > Serge
> >
> >
> > On Tue, Feb 26, 2013 at 4:38 PM, Jean-Marc Spaggiari
> > <[EMAIL PROTECTED]> wrote:
> >>
> >> Maybe restrict access to the hadoop file(s) to the user1?
> >>
> >> 2013/2/26 Serge Blazhievsky <[EMAIL PROTECTED]>:
> >> > I am trying to not to use kerberos...
> >> >
> >> > Is there other option?
> >> >
> >> > Thanks
> >> > Serge
> >> >
> >> >
> >> > On Tue, Feb 26, 2013 at 3:31 PM, Patai Sangbutsarakum
> >> > <[EMAIL PROTECTED]> wrote:
> >> >>
> >> >> Kerberos
> >> >>
> >> >> From: Serge Blazhievsky <[EMAIL PROTECTED]>
> >> >> Reply-To: <[EMAIL PROTECTED]>
> >> >> Date: Tue, 26 Feb 2013 15:29:08 -0800
> >> >> To: <[EMAIL PROTECTED]>
> >> >> Subject: JobTracker security
> >> >>
> >> >> Hi all,
> >> >>
> >> >> Is there a way to restrict job monitoring and management only to jobs
> >> >> started by each individual user?
> >> >>
> >> >>
> >> >> The basic scenario is:
> >> >>
> >> >> 1. Start a job under user1
> >> >> 2. Login as user2
> >> >> 3. hadoop job -list to retrieve job id
> >> >> 4. hadoop job -kill job_id
> >> >> 5. Job gets terminated....
> >> >>
> >> >> Is there something that needs to be enabled to prevent that from
> >> >> happening?
> >> >>
> >> >> Thanks
> >> >> Serge
> >> >
> >> >
> >
> >
>