[
https://issues.apache.org/jira/browse/AURORA-1641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15196520#comment-15196520
]
Dmitriy Shirchenko commented on AURORA-1641:
--------------------------------------------
I would love to help and feel responsible but I'm going on vacation on Sunday
for a week so don't have time right now :/.
But in the meanwhile can someone give a rough outline of required work?
One proposal I saw was by [~zmanji] who mentioned that we may need to make the
health check runner look more like:
https://github.com/apache/aurora/blame/d752d466c550118f052d23519d071eb41b2e5bf6/src/main/python/apache/thermos/core/process.py#L327
> Shell health checker is running as root
> ---------------------------------------
>
> Key: AURORA-1641
> URL: https://issues.apache.org/jira/browse/AURORA-1641
> Project: Aurora
> Issue Type: Bug
> Components: Executor, Security
> Reporter: Stephan Erb
> Priority: Blocker
>
> As the operator of an Aurora cluster, I have to guarantee that users can run
> commands only with the privileges of their {{role}}. The new health checker
> feature is risky in that regard, as it runs all health check commands with
> the privileges of the Thermos runner. In most common deployments this is root.
> The Thermos runner supports various means for setting the uid/user/role that
> is used to run user processes. The same configuration should also apply to
> the user-defined health checking command.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
