123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226 |
- <?xml version="1.0"?>
- <?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
- <!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
- <!-- Put site-specific property overrides in this file. -->
- <configuration>
- <property>
- <name>security.client.protocol.acl</name>
- <value>*</value>
- <description>ACL for ClientProtocol, which is used by user code
- via the DistributedFileSystem.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.client.datanode.protocol.acl</name>
- <value>*</value>
- <description>ACL for ClientDatanodeProtocol, the client-to-datanode protocol
- for block recovery.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.datanode.protocol.acl</name>
- <value>*</value>
- <description>ACL for DatanodeProtocol, which is used by datanodes to
- communicate with the namenode.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.inter.datanode.protocol.acl</name>
- <value>*</value>
- <description>ACL for InterDatanodeProtocol, the inter-datanode protocol
- for updating generation timestamp.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.namenode.protocol.acl</name>
- <value>*</value>
- <description>ACL for NamenodeProtocol, the protocol used by the secondary
- namenode to communicate with the namenode.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.admin.operations.protocol.acl</name>
- <value>*</value>
- <description>ACL for AdminOperationsProtocol. Used for admin commands.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.refresh.user.mappings.protocol.acl</name>
- <value>*</value>
- <description>ACL for RefreshUserMappingsProtocol. Used to refresh
- users mappings. The ACL is a comma-separated list of user and
- group names. The user and group list is separated by a blank. For
- e.g. "alice,bob users,wheel". A special value of "*" means all
- users are allowed.</description>
- </property>
- <property>
- <name>security.refresh.policy.protocol.acl</name>
- <value>*</value>
- <description>ACL for RefreshAuthorizationPolicyProtocol, used by the
- dfsadmin and mradmin commands to refresh the security policy in-effect.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.ha.service.protocol.acl</name>
- <value>*</value>
- <description>ACL for HAService protocol used by HAAdmin to manage the
- active and stand-by states of namenode.</description>
- </property>
- <property>
- <name>security.zkfc.protocol.acl</name>
- <value>*</value>
- <description>ACL for access to the ZK Failover Controller
- </description>
- </property>
- <property>
- <name>security.qjournal.service.protocol.acl</name>
- <value>*</value>
- <description>ACL for QJournalProtocol, used by the NN to communicate with
- JNs when using the QuorumJournalManager for edit logs.</description>
- </property>
- <property>
- <name>security.mrhs.client.protocol.acl</name>
- <value>*</value>
- <description>ACL for HSClientProtocol, used by job clients to
- communciate with the MR History Server job status etc.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <!-- YARN Protocols -->
- <property>
- <name>security.resourcetracker.protocol.acl</name>
- <value>*</value>
- <description>ACL for ResourceTrackerProtocol, used by the
- ResourceManager and NodeManager to communicate with each other.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.resourcemanager-administration.protocol.acl</name>
- <value>*</value>
- <description>ACL for ResourceManagerAdministrationProtocol, for admin commands.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.applicationclient.protocol.acl</name>
- <value>*</value>
- <description>ACL for ApplicationClientProtocol, used by the ResourceManager
- and applications submission clients to communicate with each other.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.applicationmaster.protocol.acl</name>
- <value>*</value>
- <description>ACL for ApplicationMasterProtocol, used by the ResourceManager
- and ApplicationMasters to communicate with each other.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.containermanagement.protocol.acl</name>
- <value>*</value>
- <description>ACL for ContainerManagementProtocol protocol, used by the NodeManager
- and ApplicationMasters to communicate with each other.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.resourcelocalizer.protocol.acl</name>
- <value>*</value>
- <description>ACL for ResourceLocalizer protocol, used by the NodeManager
- and ResourceLocalizer to communicate with each other.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.job.task.protocol.acl</name>
- <value>*</value>
- <description>ACL for TaskUmbilicalProtocol, used by the map and reduce
- tasks to communicate with the parent tasktracker.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.job.client.protocol.acl</name>
- <value>*</value>
- <description>ACL for MRClientProtocol, used by job clients to
- communciate with the MR ApplicationMaster to query job status etc.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- <property>
- <name>security.applicationhistory.protocol.acl</name>
- <value>*</value>
- <description>ACL for ApplicationHistoryProtocol, used by the timeline
- server and the generic history service client to communicate with each other.
- The ACL is a comma-separated list of user and group names. The user and
- group list is separated by a blank. For e.g. "alice,bob users,wheel".
- A special value of "*" means all users are allowed.</description>
- </property>
- </configuration>
|