Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Not A Bug
-
Affects Version/s: CDH4.0.1
-
Fix Version/s: None
-
Component/s: Oozie
-
Labels:None
-
Environment:Centos-5.8,Hadoop 2.0.0-cdh4.0.1,Oozie-3.1.3-cdh4.0.1
Description
As per the release build version: 3.1.3-cdh4.0.1, any user can kill the job run by a different user.
Consider two users, abc and xyz. One user, say abc belongs to a group mentioned as hadoop.proxyuser.oozie.groups.
While other user xyz do not belong to hadoop.proxyuser.oozie.groups.
If user xyz trys to run a job, hadoop throws error as "Error: E0501 : E0501: Could not perform authorization operation, User: oozie is not allowed to impersonate root". But the same user (xyz) is allowed to kill a job initiated by any authorised (abc) user.