Secured TaskTracker
Describes how to control user access to TaskTracker.
About this task
You can control which users are able to submit jobs to the TaskTracker. By default, the
TaskTracker is secured; all TaskTracker nodes should have the same user and group
databases, and only users who are present on all TaskTracker nodes (same user ID on all
nodes) can submit jobs. You can disallow certain users (including
root
or other superusers) from submitting jobs, or remove user restrictions from the
TaskTracker completely. NOTE: You must restart the TaskTracker after changing a node's
hostname.
Disallowing Root
Procedure
-
Edit
mapred-site.xml (MapReduce v1)
and setmapred.tasktracker.task-controller.config.overwrite = false
on all TaskTracker nodes. -
Edit
taskcontroller.cfg
and setmin.user.id=0
on all TaskTracker nodes. - Restart all TaskTrackers.
Disallowing All Superusers
Procedure
-
Edit
mapred-site.xml (MapReduce v1)
and setmapred.tasktracker.task-controller.config.overwrite = false
on all TaskTracker nodes. -
Edit
taskcontroller.cfg
and setmin.user.id=1000
on all TaskTracker nodes. - Restart all TaskTrackers.
Disallowing Specific Users
Procedure
-
Edit
mapred-site.xml (MapReduce v1)
and setmapred.tasktracker.task-controller.config.overwrite = false
on all TaskTracker nodes. -
Edit
taskcontroller.cfg
and add the parameterbanned.users
on all TaskTracker nodes, setting it to a comma-separated list of usernames. Example:banned.users=foo,bar
- Restart all TaskTrackers.
Removing All User Restrictions and Running All Jobs as Root
Procedure
-
Edit
mapred-site.xml (MapReduce v1)
and setmapred.task.tracker.task-controller = org.apache.hadoop.mapred.DefaultTaskController
on all TaskTracker nodes. -
Restart all TaskTrackers.
NOTE: When you make the above setting, all jobs submitted by any user will run as
root
, and will have the ability to overwrite, delete, or damage data regardless of ownership or permissions.