[ https://issues.apache.org/jira/browse/YARN-2551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Remus Rusanu resolved YARN-2551. -------------------------------- Resolution: Implemented The patch will be contained in YARN-2198 patch 10 and forward > Windows Secure Cotnainer Executor: Add checks to validate that the > wsce-site.xml is write restricted to Administrators only > --------------------------------------------------------------------------------------------------------------------------- > > Key: YARN-2551 > URL: https://issues.apache.org/jira/browse/YARN-2551 > Project: Hadoop YARN > Issue Type: Sub-task > Components: nodemanager > Reporter: Remus Rusanu > Assignee: Remus Rusanu > Labels: security, windows, wsce > Attachments: YARN-2551.1.patch > > > The wsce-site.xml containes the impersonate.allowed and impersonate.denied > keys that restrict/control the users that can be impersonated by the WSCE > containers. The impersonation frameworks in winutils should validate that > only Administrators have write control on this file. > This is similar to how LCE is validating that only root has write permissions > on container-executor.cfg file on secure Linux clusters. -- This message was sent by Atlassian JIRA (v6.3.4#6332)