Secured TaskTracker

Describes how to control user access to TaskTracker.

You can control which users are able to submit jobs to the TaskTracker. By default, the TaskTracker is secured; all TaskTracker nodes should have the same user and group databases, and only users who are present on all TaskTracker nodes (same user ID on all nodes) can submit jobs. You can disallow certain users (including root or other superusers) from submitting jobs, or remove user restrictions from the TaskTracker completely.
Note: You must restart the TaskTracker after changing a node's hostname.

Disallowing Root

  1. Edit mapred-site.xml (MapReduce v1) and set mapred.tasktracker.task-controller.config.overwrite = false on all TaskTracker nodes.
  2. Edit taskcontroller.cfg and set min.user.id=0 on all TaskTracker nodes.
  3. Restart all TaskTrackers.

Disallowing All Superusers

  1. Edit mapred-site.xml (MapReduce v1) and set mapred.tasktracker.task-controller.config.overwrite = false on all TaskTracker nodes.
  2. Edit taskcontroller.cfg and set min.user.id=1000 on all TaskTracker nodes.
  3. Restart all TaskTrackers.

Disallowing Specific Users

  1. Edit mapred-site.xml (MapReduce v1) and set mapred.tasktracker.task-controller.config.overwrite = false on all TaskTracker nodes.
  2. Edit taskcontroller.cfg and add the parameter banned.users on all TaskTracker nodes, setting it to a comma-separated list of usernames. Example:
    banned.users=foo,bar
  3. Restart all TaskTrackers.

Removing All User Restrictions and Running All Jobs as Root

  1. Edit mapred-site.xml (MapReduce v1) and set mapred.task.tracker.task-controller = org.apache.hadoop.mapred.DefaultTaskController on all TaskTracker nodes.
  2. Restart all TaskTrackers.
    Note: When you make the above setting, all jobs submitted by any user will run as root, and will have the ability to overwrite, delete, or damage data regardless of ownership or permissions.