MapReduce security
MapReduce security is focused around jobs submission and administration. By default, it is wide open. Any user who has access to the JobTracker service can submit, view, and kill jobs. Such behavior can be acceptable for the development or POC clusters, but obviously fails for the multitenant production environment.
To address these problems, Hadoop supports the notion of cluster administrator and queue administrators. Cluster and queue administrators are Linux users and groups that have permissions to see and manipulate running jobs. Administrators could, for example, change job priority or kill any running job.
If you recall, in Chapter 2, Installing and Configuring Hadoop, we have configured our JobTracker to use FairScheduler. With this scheduler, you can define a fixed set of job queues and allow specific users and groups to submit jobs to them. Each queue can also be configured with a custom list of administrators.
To enable the permissions model, you need to make...
