- Threat ID
- Threat Date
- Threat Name
- Job administration ACL
- CVE Reference
- CCE Reference
- Database Type
- All versions of Hadoop
- Hadoop can be configured to allow a list of accounts/groups to act as job administrators, thus granting them unrestricted control over the jobs. These permissions should be present in the system policy and audited by the system admin.
- The cluster administrator can specify access control lists for viewing or modifying a job via the configuration properties mapreduce.job.acl-view-job and mapreduce.job.acl-modify-job respectively. By default, nobody is given access in these properties.
However, irrespective of the job ACLs configured, a job's owner, the superuser, cluster administrators (mapreduce.cluster.administrators) and queue administrators of the queue to which the job was submitted (mapred.queue.queue-name.acl-administer-jobs) always have access to view and modify a job.
A job view ACL authorizes users against the configured mapreduce.job.acl-view-job before returning possibly sensitive information about a job, like:
- job level counters
- task level counters
- task's diagnostic information
- task logs displayed on the TaskTracker web UI
- job.xml shown by the JobTracker's web UI
Other information about a job, like its status and its profile, is accessible to all users, without requiring authorization.
A job modification ACL authorizes users against the configured mapreduce.job.acl-modify-job before allowing modifications to jobs, like:
- killing a job
- killing/failing a task of a job
- setting the priority of a job
These operations are also permitted by the queue level ACL, "mapred.queue.queue-name.acl-administer-jobs", configured via mapred-queue-acls.xml. The caller will be able to do the operation if he/she is part of either the queue admins ACL or the job modification ACL.
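The modification rule described above can be checked offline against exported configuration. The following is an added example, not part of the original advisory or of Hadoop itself: it assumes ACL enforcement is enabled, uses the Hadoop ACL value format (comma-separated users, a space, comma-separated groups; `*` for everyone), does not model the superuser, and runs on a constructed sample with a hypothetical queue named `analytics`.

```python
import xml.etree.ElementTree as ET

# Constructed sample: cluster, queue and job settings merged into one view.
SAMPLE_CONF = """<configuration>
  <property><name>mapreduce.cluster.administrators</name><value>hadoopadmin ops</value></property>
  <property><name>mapred.queue.analytics.acl-administer-jobs</name><value>*</value></property>
  <property><name>mapreduce.job.acl-modify-job</name><value>alice,bob etl</value></property>
  <property><name>mapreduce.job.acl-view-job</name><value> </value></property>
</configuration>"""

ADMIN_SUFFIXES = ("cluster.administrators", ".acl-administer-jobs", ".acl-modify-job")

def load_conf(xml_text):
    """Return {property name: raw value} from Hadoop-style configuration XML."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name"): (p.findtext("value") or "") for p in root.iter("property")}

def parse_acl(value):
    """Split 'user1,user2 group1,group2' into (users, groups, allow_all)."""
    if value.strip() == "*":
        return set(), set(), True
    users, _, groups = value.partition(" ")  # a leading space means groups only
    clean = lambda s: {x.strip() for x in s.split(",") if x.strip()}
    return clean(users), clean(groups), False

def acl_allows(value, user, groups):
    users, acl_groups, allow_all = parse_acl(value)
    return allow_all or user in users or bool(acl_groups & set(groups))

def can_modify_job(conf, user, groups, job_owner, queue):
    """Owner, cluster admins, queue admins or the job modify ACL may modify."""
    if user == job_owner:
        return True
    keys = ("mapreduce.cluster.administrators",
            f"mapred.queue.{queue}.acl-administer-jobs",
            "mapreduce.job.acl-modify-job")
    return any(acl_allows(conf.get(k, ""), user, groups) for k in keys)

def audit_admin_acls(conf):
    """Return job administration properties whose ACL is the '*' wildcard."""
    return sorted(k for k, v in conf.items()
                  if k.endswith(ADMIN_SUFFIXES) and parse_acl(v)[2])

if __name__ == "__main__":
    conf = load_conf(SAMPLE_CONF)
    print("wildcard admin ACLs:", audit_admin_acls(conf))
    print("mallory can modify:", can_modify_job(conf, "mallory", [], "alice", "analytics"))
```

On the sample, the wildcard queue ACL lets an unlisted user modify jobs in that queue even though the job modification ACL names only two users and one group.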
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.