[ https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13783318#comment-13783318 ]
Todd Lipcon commented on YARN-1253: ----------------------------------- bq. We should refactor that code out to be able to use it as a standalone library/binary (which doesn't bring in the extra baggage of user-accounts etc.) - that's the correct fix IMO. Putting in a local-user is an easy short-term solution I think separating the local "run-as" user from the daemon user has other benefits as well, separate from cgroups. This is a long-standing tradition in Unix services - eg Apache httpd typically runs CGI scripts as "nobody" unless suexec is configured. So this change still has value. > Changes to LinuxContainerExecutor to run containers as a single dedicated > user in non-secure mode > ------------------------------------------------------------------------------------------------- > > Key: YARN-1253 > URL: https://issues.apache.org/jira/browse/YARN-1253 > Project: Hadoop YARN > Issue Type: New Feature > Components: nodemanager > Affects Versions: 2.1.0-beta > Reporter: Alejandro Abdelnur > Assignee: Roman Shaposhnik > Priority: Blocker > Attachments: YARN-1253.patch.txt > > > When using cgroups we require LCE to be configured in the cluster to start > containers. > When LCE starts containers as the user that submitted the job. While this > works correctly in a secure setup, in an un-secure setup this presents a > couple issues: > * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes > * Because users can impersonate other users, any user would have access to > any local file of other users > Particularly, the second issue is not desirable as a user could get access to > ssh keys of other users in the nodes or if there are NFS mounts, get to other > users data outside of the cluster. -- This message was sent by Atlassian JIRA (v6.1#6144)