[ https://issues.apache.org/jira/browse/AURORA-1641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15196520#comment-15196520 ]

Dmitriy Shirchenko commented on AURORA-1641:
--------------------------------------------

I would love to help and feel responsible but I'm going on vacation on Sunday for a week so don't have time right now :/. But in the meanwhile can someone give a rough outline of required work? One proposal I saw was by [~zmanji] who mentioned that we may need to make the health check runner look more like: https://github.com/apache/aurora/blame/d752d466c550118f052d23519d071eb41b2e5bf6/src/main/python/apache/thermos/core/process.py#L327

> Shell health checker is running as root
> ---------------------------------------
>
>                 Key: AURORA-1641
>                 URL: https://issues.apache.org/jira/browse/AURORA-1641
>             Project: Aurora
>          Issue Type: Bug
>          Components: Executor, Security
>            Reporter: Stephan Erb
>            Priority: Blocker
>
> As the operator of an Aurora cluster, I have to guarantee that users can run
> commands only with the privileges of their {{role}}. The new health checker
> feature is risky in that regard, as it runs all health check commands with
> the privileges of the Thermos runner. In most common deployments this is root.
> The Thermos runner supports various means for setting the uid/user/role that
> is used to run user processes. The same configuration should also apply to
> the user-defined health checking command.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
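
The behaviour the issue asks for, as an added example that is not part of the thread and not Aurora or Thermos code: a shell health check run with the role's uid, gid and supplementary groups instead of the runner's. `plan_demotion` and `run_health_check` are hypothetical names, and the environment passed to the child is an assumption.

```python
import os
import pwd
import subprocess


def plan_demotion(pw, current_uid):
    """Return the preexec hook needed to run as passwd entry `pw`, or None."""
    if pw.pw_uid == current_uid:
        return None  # already running as the role user
    if current_uid != 0:
        # Fail closed: never fall back to running the check as the caller.
        raise PermissionError(
            "uid %d cannot switch to uid %d" % (current_uid, pw.pw_uid))
    groups = os.getgrouplist(pw.pw_name, pw.pw_gid)

    def demote():  # runs in the child, between fork() and exec()
        os.setgroups(groups)  # replace root's supplementary groups first
        os.setgid(pw.pw_gid)  # then the primary group, while still root
        os.setuid(pw.pw_uid)  # uid last: this step cannot be undone

    return demote


def run_health_check(command, role, timeout=10.0):
    """Run a shell health check as `role`; return (healthy, output)."""
    pw = pwd.getpwnam(role)  # unknown role raises KeyError
    env = {"PATH": "/usr/local/bin:/usr/bin:/bin",
           "HOME": pw.pw_dir, "USER": pw.pw_name}  # do not leak root's env
    try:
        proc = subprocess.run(
            ["/bin/sh", "-c", command],
            preexec_fn=plan_demotion(pw, os.geteuid()),
            env=env, cwd="/", timeout=timeout,
            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    except subprocess.TimeoutExpired:
        return False, "timed out"
    return proc.returncode == 0, proc.stdout.decode(errors="replace").strip()
```

A health check whose command is `id -u` then reports the role's uid rather than 0 when the caller is root.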