hadoop-policy.xml 9.5 KB

  1. <?xml version="1.0"?>
  2. <?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
  3. <!--
  4. Licensed to the Apache Software Foundation (ASF) under one
  5. or more contributor license agreements. See the NOTICE file
  6. distributed with this work for additional information
  7. regarding copyright ownership. The ASF licenses this file
  8. to you under the Apache License, Version 2.0 (the
  9. "License"); you may not use this file except in compliance
  10. with the License. You may obtain a copy of the License at
  11. http://www.apache.org/licenses/LICENSE-2.0
  12. Unless required by applicable law or agreed to in writing, software
  13. distributed under the License is distributed on an "AS IS" BASIS,
  14. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  15. See the License for the specific language governing permissions and
  16. limitations under the License.
  17. -->
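  18. <!-- Put site-specific property overrides in this file.
       Every ACL below is set to "*", which per the descriptions allows all users.
       These service-level ACLs are enforced only when hadoop.security.authorization
       is set to true in core-site.xml. When tightening them, review the
       administrative and daemon-to-daemon protocols first. -->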
  19. <configuration>
  20. <property>
  21. <name>security.client.protocol.acl</name>
  22. <value>*</value>
  23. <description>ACL for ClientProtocol, which is used by user code
  24. via the DistributedFileSystem.
  25. The ACL is a comma-separated list of user and group names. The user and
  26. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  27. A special value of "*" means all users are allowed.</description>
  28. </property>
  29. <property>
  30. <name>security.client.datanode.protocol.acl</name>
  31. <value>*</value>
  32. <description>ACL for ClientDatanodeProtocol, the client-to-datanode protocol
  33. for block recovery.
  34. The ACL is a comma-separated list of user and group names. The user and
  35. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  36. A special value of "*" means all users are allowed.</description>
  37. </property>
  <!-- NOTE(review): per the description, only datanodes use this protocol to
       reach the namenode, so "*" is broader than that use needs. A common
       hardening is to list only the account or group the datanode daemons run
       as, in the "users groups" format described below. Service-level ACLs are
       consulted only when hadoop.security.authorization is true in core-site.xml. -->
  38. <property>
  39. <name>security.datanode.protocol.acl</name>
  40. <value>*</value>
  41. <description>ACL for DatanodeProtocol, which is used by datanodes to
  42. communicate with the namenode.
  43. The ACL is a comma-separated list of user and group names. The user and
  44. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  45. A special value of "*" means all users are allowed.</description>
  46. </property>
  47. <property>
  48. <name>security.inter.datanode.protocol.acl</name>
  49. <value>*</value>
  50. <description>ACL for InterDatanodeProtocol, the inter-datanode protocol
  51. for updating generation timestamp.
  52. The ACL is a comma-separated list of user and group names. The user and
  53. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  54. A special value of "*" means all users are allowed.</description>
  55. </property>
  56. <property>
  57. <name>security.namenode.protocol.acl</name>
  58. <value>*</value>
  59. <description>ACL for NamenodeProtocol, the protocol used by the secondary
  60. namenode to communicate with the namenode.
  61. The ACL is a comma-separated list of user and group names. The user and
  62. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  63. A special value of "*" means all users are allowed.</description>
  64. </property>
  <!-- NOTE(review): this is an administrative protocol, and "*" places no
       service-level restriction on who may connect to it. Service-level ACLs
       are consulted only when hadoop.security.authorization is true in
       core-site.xml. Consider listing only the admin users or admin group here.
       Whether later permission checks still apply is not visible in this file. -->
  65. <property>
  66. <name>security.admin.operations.protocol.acl</name>
  67. <value>*</value>
  68. <description>ACL for AdminOperationsProtocol. Used for admin commands.
  69. The ACL is a comma-separated list of user and group names. The user and
  70. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  71. A special value of "*" means all users are allowed.</description>
  72. </property>
  73. <property>
  74. <name>security.refresh.user.mappings.protocol.acl</name>
  75. <value>*</value>
  76. <description>ACL for RefreshUserMappingsProtocol. Used to refresh
  77. user mappings. The ACL is a comma-separated list of user and
  78. group names. The user and group list is separated by a blank. For
  79. e.g. "alice,bob users,wheel". A special value of "*" means all
  80. users are allowed.</description>
  81. </property>
  <!-- NOTE(review): per the description, this protocol is how the dfsadmin and
       mradmin commands make a daemon refresh the security policy in effect,
       so this entry governs who may trigger that refresh. "*" leaves it
       unrestricted at the service level. Consider limiting it to the admin
       users or admin group. Service-level ACLs are consulted only when
       hadoop.security.authorization is true in core-site.xml. -->
  82. <property>
  83. <name>security.refresh.policy.protocol.acl</name>
  84. <value>*</value>
  85. <description>ACL for RefreshAuthorizationPolicyProtocol, used by the
  86. dfsadmin and mradmin commands to refresh the security policy in-effect.
  87. The ACL is a comma-separated list of user and group names. The user and
  88. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  89. A special value of "*" means all users are allowed.</description>
  90. </property>
  <!-- The description below omits the value format. The other entries in this
       file use a comma-separated user list, a blank, then a comma-separated
       group list, with "*" meaning all users.
       NOTE(review): this protocol manages the active and stand-by states of the
       namenode, so "*" is a wide setting for it. Consider limiting it to the
       HA administrators. Service-level ACLs are consulted only when
       hadoop.security.authorization is true in core-site.xml. -->
  91. <property>
  92. <name>security.ha.service.protocol.acl</name>
  93. <value>*</value>
  94. <description>ACL for HAService protocol used by HAAdmin to manage the
  95. active and stand-by states of namenode.</description>
  96. </property>
  <!-- The description below omits the value format. The other entries in this
       file use a comma-separated user list, a blank, then a comma-separated
       group list, with "*" meaning all users.
       NOTE(review): "*" leaves access to the ZK Failover Controller
       unrestricted at the service level. Confirm which accounts need it and
       list only those. -->
  97. <property>
  98. <name>security.zkfc.protocol.acl</name>
  99. <value>*</value>
  100. <description>ACL for access to the ZK Failover Controller
  101. </description>
  102. </property>
  <!-- The description below omits the value format. The other entries in this
       file use a comma-separated user list, a blank, then a comma-separated
       group list, with "*" meaning all users.
       NOTE(review): per the description, only the NN uses this protocol to
       reach the JNs for edit logs, so "*" is broader than that use needs.
       Consider listing only the account the namenode runs as. -->
  103. <property>
  104. <name>security.qjournal.service.protocol.acl</name>
  105. <value>*</value>
  106. <description>ACL for QJournalProtocol, used by the NN to communicate with
  107. JNs when using the QuorumJournalManager for edit logs.</description>
  108. </property>
  109. <property>
  110. <name>security.mrhs.client.protocol.acl</name>
  111. <value>*</value>
  112. <description>ACL for HSClientProtocol, used by job clients to
  113. communicate with the MR History Server to query job status etc.
  114. The ACL is a comma-separated list of user and group names. The user and
  115. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  116. A special value of "*" means all users are allowed.</description>
  117. </property>
  118. <!-- YARN Protocols -->
  119. <property>
  120. <name>security.resourcetracker.protocol.acl</name>
  121. <value>*</value>
  122. <description>ACL for ResourceTrackerProtocol, used by the
  123. ResourceManager and NodeManager to communicate with each other.
  124. The ACL is a comma-separated list of user and group names. The user and
  125. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  126. A special value of "*" means all users are allowed.</description>
  127. </property>
  <!-- NOTE(review): this is the ResourceManager's administrative protocol, and
       "*" places no service-level restriction on who may connect to it.
       Consider listing only the YARN admin users or admin group. Service-level
       ACLs are consulted only when hadoop.security.authorization is true in
       core-site.xml. Whether later permission checks still apply is not
       visible in this file. -->
  128. <property>
  129. <name>security.resourcemanager-administration.protocol.acl</name>
  130. <value>*</value>
  131. <description>ACL for ResourceManagerAdministrationProtocol, for admin commands.
  132. The ACL is a comma-separated list of user and group names. The user and
  133. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  134. A special value of "*" means all users are allowed.</description>
  135. </property>
  136. <property>
  137. <name>security.applicationclient.protocol.acl</name>
  138. <value>*</value>
  139. <description>ACL for ApplicationClientProtocol, used by the ResourceManager
  140. and applications submission clients to communicate with each other.
  141. The ACL is a comma-separated list of user and group names. The user and
  142. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  143. A special value of "*" means all users are allowed.</description>
  144. </property>
  145. <property>
  146. <name>security.applicationmaster.protocol.acl</name>
  147. <value>*</value>
  148. <description>ACL for ApplicationMasterProtocol, used by the ResourceManager
  149. and ApplicationMasters to communicate with each other.
  150. The ACL is a comma-separated list of user and group names. The user and
  151. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  152. A special value of "*" means all users are allowed.</description>
  153. </property>
  154. <property>
  155. <name>security.containermanagement.protocol.acl</name>
  156. <value>*</value>
  157. <description>ACL for ContainerManagementProtocol, used by the NodeManager
  158. and ApplicationMasters to communicate with each other.
  159. The ACL is a comma-separated list of user and group names. The user and
  160. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  161. A special value of "*" means all users are allowed.</description>
  162. </property>
  163. <property>
  164. <name>security.resourcelocalizer.protocol.acl</name>
  165. <value>*</value>
  166. <description>ACL for ResourceLocalizer protocol, used by the NodeManager
  167. and ResourceLocalizer to communicate with each other.
  168. The ACL is a comma-separated list of user and group names. The user and
  169. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  170. A special value of "*" means all users are allowed.</description>
  171. </property>
  172. <property>
  173. <name>security.job.task.protocol.acl</name>
  174. <value>*</value>
  175. <description>ACL for TaskUmbilicalProtocol, used by the map and reduce
  176. tasks to communicate with the parent tasktracker.
  177. The ACL is a comma-separated list of user and group names. The user and
  178. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  179. A special value of "*" means all users are allowed.</description>
  180. </property>
  181. <property>
  182. <name>security.job.client.protocol.acl</name>
  183. <value>*</value>
  184. <description>ACL for MRClientProtocol, used by job clients to
  185. communicate with the MR ApplicationMaster to query job status etc.
  186. The ACL is a comma-separated list of user and group names. The user and
  187. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  188. A special value of "*" means all users are allowed.</description>
  189. </property>
  190. <property>
  191. <name>security.applicationhistory.protocol.acl</name>
  192. <value>*</value>
  193. <description>ACL for ApplicationHistoryProtocol, used by the timeline
  194. server and the generic history service client to communicate with each other.
  195. The ACL is a comma-separated list of user and group names. The user and
  196. group list is separated by a blank. For e.g. "alice,bob users,wheel".
  197. A special value of "*" means all users are allowed.</description>
  198. </property>
  199. </configuration>