[ 
https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13783318#comment-13783318
 ] 

Todd Lipcon commented on YARN-1253:
-----------------------------------

bq. We should refactor that code out to be able to use it as a standalone 
library/binary (which doesn't bring in the extra baggage of user-accounts etc.) 
- that's the correct fix IMO. Putting in a local-user is an easy short-term 
solution

I think separating the local "run-as" user from the daemon user has other 
benefits as well, separate from cgroups. This is a long-standing tradition in 
Unix services - eg Apache httpd typically runs CGI scripts as "nobody" unless 
suexec is configured. So this change still has value.

> Changes to LinuxContainerExecutor to run containers as a single dedicated 
> user in non-secure mode
> -------------------------------------------------------------------------------------------------
>
>                 Key: YARN-1253
>                 URL: https://issues.apache.org/jira/browse/YARN-1253
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager
>    Affects Versions: 2.1.0-beta
>            Reporter: Alejandro Abdelnur
>            Assignee: Roman Shaposhnik
>            Priority: Blocker
>         Attachments: YARN-1253.patch.txt
>
>
> When using cgroups we require LCE to be configured in the cluster to start 
> containers. 
> When LCE starts containers as the user that submitted the job. While this 
> works correctly in a secure setup, in an un-secure setup this presents a 
> couple issues:
> * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
> * Because users can impersonate other users, any user would have access to 
> any local file of other users
> Particularly, the second issue is not desirable as a user could get access to 
> ssh keys of other users in the nodes or if there are NFS mounts, get to other 
> users data outside of the cluster.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to