Hello Edward, I think you should be able to give write permissions 'rx' to group manually.
Thanks R Balaji Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Edward Capriolo <[email protected]> Sent: Tuesday, January 13, 2026 2:47:18 AM To: [email protected] <[email protected]> Subject: Re: Question on linux-container-executor src/main/native/container-executor/test/test-container-executor.c void create_nm_roots(char ** nm_roots) { char** nm_root; for(nm_root=nm_roots; *nm_root != NULL; ++nm_root) { if (mkdir(*nm_root, 0755) != 0) { printf("FAIL: Can't create directory %s - %s\n", *nm_root, strerror(errno)); exit(1); } char buffer[100000]; sprintf(buffer, "%s/usercache", *nm_root); if (mkdir(buffer, 0755) != 0) { printf("FAIL: Can't create directory %s - %s\n", buffer, strerror(errno)); exit(1); } } } The test here is creating 755 which on the surface seems to differ with what I am seeing. On Mon, Jan 12, 2026 at 3:53 PM Edward Capriolo <[email protected]<mailto:[email protected]>> wrote: Hello. I am trying to run linux-container-executor in a setup without kerberos. I want to see it "change user" and run a map reduce job. I have a fork of linux-container-executor with some gratuitous println: main : command provided 0 2026-01-12T19:51:25.467740715Z main : run as user is auser 2026-01-12T19:51:25.467750476Z main : requested yarn user is auser 2026-01-12T19:51:25.467760225Z main : validate_container_id 2026-01-12T19:51:25.467771148Z main : huh 2026-01-12T19:51:25.467784131Z validated command: INITIALIZE_CONTAINER 2026-01-12T19:51:25.467795274Z init : set_user 2026-01-12T19:51:25.467805332Z maybe free_user 2026-01-12T19:51:25.467815142Z going to check user 2026-01-12T19:51:25.467824798Z min id 2026-01-12T19:51:25.467833618Z min id 1000 2026-01-12T19:51:25.467842685Z Get user info 2026-01-12T19:51:25.467851066Z init : set_user done 2026-01-12T19:51:25.467860879Z initialize_app( 2026-01-12T19:51:25.467871118Z create user dirs 2026-01-12T19:51:25.467881131Z initialize_user. 2026-01-12T19:51:25.467890384Z created 2026-01-12T19:51:25.467900435Z create_log_dirs(). 2026-01-12T19:51:25.467911090Z create container log 2026-01-12T19:51:25.467920790Z create_container_log_dirs 2026-01-12T19:51:25.467931683Z open_file_as_nm. 2026-01-12T19:51:25.467941717Z change_user 2026-01-12T19:51:25.467952667Z change_user. 2026-01-12T19:51:25.467962032Z Can't create directory /yarn-root/nm-local-dir/usercache/auser/appcache - Permission denied 2026-01-12T19:51:25.467973350Z Did not create any app directories I am creating users like this: RUN addgroup -S hadoop RUN addgroup -S hdfs && adduser -S -G hdfs -H -D hdfs RUN addgroup -S yarn && adduser -S -G yarn -H -D yarn RUN addgroup yarn hadoop RUN addgroup -S auser && adduser -S -G auser -H -D auser I am launching a wordcount as "auser" like so: https://github.com/edwardcapriolo/edgy-ansible/blob/main/imaging/hadoop/compositions/ha_rm_zk_pki_tls/enter_auser.sh This is what teh directory inside the node manager looks like: nm1:/yarn-root/nm-local-dir/usercache# rm -rf auser/ nm1:/yarn-root/nm-local-dir/usercache# ld -lahd /yarn-root/ nm1:/yarn-root/nm-local-dir/usercache# ls -lahd /yarn-root/ drwxr-xr-x 1 yarn root 24 Jan 12 19:32 /yarn-root/ nm1:/yarn-root/nm-local-dir/usercache# ls -lahd /yarn-root/nm-local-dir/ drwxr-xr-x 1 yarn hadoop 54 Jan 12 19:32 /yarn-root/nm-local-dir/ nm1:/yarn-root/nm-local-dir/usercache# ls -lahd /yarn-root/nm-local-dir/ filecache/ nmPrivate/ usercache/ nm1:/yarn-root/nm-local-dir/usercache# ls -lahd /yarn-root/nm-local-dir/usercache/ drwxr-sr-x 1 yarn hadoop 10 Jan 12 20:38 /yarn-root/nm-local-dir/usercache/ nm1:/yarn-root/nm-local-dir/usercache# ls -lahd /yarn-root/nm-local-dir/usercache/auser/ drwxr-s--- 1 auser hadoop 0 Jan 12 20:38 /yarn-root/nm-local-dir/usercache/auser/ My node manager is running as yarn nm1:/$ ps -ef | grep yarn 1 yarn 0:20 /usr/bin/java -Dproc_nodemanager nm1:/$ id -u yarn 101 nm1:/$ id -g yarn 103 nm1:/$ id -G yarn 103 101 nm1:/$ id -G yarn -n yarn hadoop nm1:/$ umask 0022 I am guessing that the issue is drwxr-s--- 1 auser hadoop 0 Jan 12 20:38 auser Ths directory gets owned by auser/hadoop but the group write is off? My yarn config is here: https://github.com/edwardcapriolo/edgy-ansible/blob/main/imaging/hadoop/compositions/ha_rm_zk_pki_tls/hd_conf/yarn-site.xml#L126 Also manually changing it it just gets put back nm1:/yarn-root/nm-local-dir/usercache# chmod g+w auser/ nm1:/yarn-root/nm-local-dir/usercache# ls -lah total 0 drwxr-sr-x 1 yarn hadoop 10 Jan 12 20:38 . drwxr-xr-x 1 yarn hadoop 54 Jan 12 19:32 .. drwxrws--- 1 auser hadoop 0 Jan 12 20:38 auser nm1:/yarn-root/nm-local-dir/usercache# ls -lah total 0 drwxr-sr-x 1 yarn hadoop 10 Jan 12 20:38 . drwxr-xr-x 1 yarn hadoop 54 Jan 12 19:32 .. drwxr-s--- 1 auser hadoop 0 Jan 12 20:38 auser Any help would be appreciated.Thanks!
