[jira] [Updated] (SPARK-30256) Allow SparkLauncher to sudo before executing spark-submit

[Jeff Evans (Jira)]

     [ 
https://issues.apache.org/jira/browse/SPARK-30256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jeff Evans updated SPARK-30256:
-------------------------------
    Description: It would be useful if 
{{org.apache.spark.launcher.SparkLauncher}} allowed for a "sudo as user X" 
option.  This way, multi-tenant applications that run Spark jobs could give end 
users greater security, by ensuring that the files (including, importantly, 
keytabs) can remain readable only by the end users instead of the UID that runs 
this multi-tenant application itself.  I believe that {{sudo -u <theUser> 
spark-submit <spark-submit-args>}} should work.  The builder maintained by 
{{SparkLauncher}} could simply have a {{setSudoUser}} method.  (was: It would 
be useful if {{org.apache.spark.launcher.SparkLauncher}} allowed for a "sudo as 
user X" option.  This way, multi-tenant applications that run Spark jobs could 
give end users greater security, by ensuring that the files (including, 
importantly, keytabs) can remain readable only by the end users instead of the 
UID that runs this multi-tenant application itself.  I believe that {{sudo -u 
<theUser> spark-submit <spark-submit-args}} should work.  The builder 
maintained by {{SparkLauncher}} could simply have a {{setSudoUser}} method.)

> Allow SparkLauncher to sudo before executing spark-submit
> ---------------------------------------------------------
>
>                 Key: SPARK-30256
>                 URL: https://issues.apache.org/jira/browse/SPARK-30256
>             Project: Spark
>          Issue Type: Improvement
>          Components: Spark Submit
>    Affects Versions: 3.0.0
>            Reporter: Jeff Evans
>            Priority: Minor
>
> It would be useful if {{org.apache.spark.launcher.SparkLauncher}} allowed for 
> a "sudo as user X" option.  This way, multi-tenant applications that run 
> Spark jobs could give end users greater security, by ensuring that the files 
> (including, importantly, keytabs) can remain readable only by the end users 
> instead of the UID that runs this multi-tenant application itself.  I believe 
> that {{sudo -u <theUser> spark-submit <spark-submit-args>}} should work.  The 
> builder maintained by {{SparkLauncher}} could simply have a {{setSudoUser}} 
> method.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org