Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # user >> Re: JobTracker security


Copy link to this message
-
Re: JobTracker security
I mean the executable files. Or even the entire hadoop directory?
People might still be able to install a local copy of hadoop and
configure it to point to the same trackers, and then do the kill, but
at least that will complicate the things a bit?

If user1 and user2 are on different groups also, that might allow you
to block some user2 actions against user1 processes? Also, you should
take look to the "Security" chapter in "Hadoop: The Definitive Guide"
and to the hadoop-policy.xml file (I never looked at this file, so
maybe it's not at all related).

2013/2/26 Serge Blazhievsky <[EMAIL PROTECTED]>:
> hi Jean,
>
> Do you mean input files for hadoop ? or hadoop directory?
>
> Serge
>
>
> On Tue, Feb 26, 2013 at 4:38 PM, Jean-Marc Spaggiari
> <[EMAIL PROTECTED]> wrote:
>>
>> Maybe restrict access to the hadoop file(s) to the user1?
>>
>> 2013/2/26 Serge Blazhievsky <[EMAIL PROTECTED]>:
>> > I am trying to not to use kerberos...
>> >
>> > Is there other option?
>> >
>> > Thanks
>> > Serge
>> >
>> >
>> > On Tue, Feb 26, 2013 at 3:31 PM, Patai Sangbutsarakum
>> > <[EMAIL PROTECTED]> wrote:
>> >>
>> >> Kerberos
>> >>
>> >> From: Serge Blazhievsky <[EMAIL PROTECTED]>
>> >> Reply-To: <[EMAIL PROTECTED]>
>> >> Date: Tue, 26 Feb 2013 15:29:08 -0800
>> >> To: <[EMAIL PROTECTED]>
>> >> Subject: JobTracker security
>> >>
>> >> Hi all,
>> >>
>> >> Is there a way to restrict job monitoring and management only to jobs
>> >> started by each individual user?
>> >>
>> >>
>> >> The basic scenario is:
>> >>
>> >> 1. Start a job under user1
>> >> 2. Login as user2
>> >> 3. hadoop job -list to retrieve job id
>> >> 4. hadoop job -kill job_id
>> >> 5. Job gets terminated....
>> >>
>> >> Is there something that needs to be enabled to prevent that from
>> >> happening?
>> >>
>> >> Thanks
>> >> Serge
>> >
>> >
>
>