aurora-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zameer Manji <>
Subject Re: /etc/passwd in containers
Date Fri, 20 Mar 2015 18:19:30 GMT

I'm not the authority on this but I suspect Aurora does not set
CommandInfo.user because that feature was added in 0.19.0
no one has ever thought about setting the field before. Your use case seems
reasonable and I see no reason why Aurora cannot set this value and modify
the executor appropriately.

On Thu, Mar 19, 2015 at 5:57 PM, Jay Buffington <> wrote:

> One pain point that currently exists with Aurora/Mesos/Docker integration
> is that it requires making a choice between two bad options:
> 1) require that the aurora role exist in the docker image as a unix user
> 2) run everything as root by setting "USER root" in the Dockerfile and pass
> --nosetuid to the executor.
> I'd like to purpose that mesos be modified to generate an /etc/passwd file
> that includes a single entry: the CommandInfo.user with a stable uid.  This
> file will always overwrite whatever /etc/passwd is provided by the
> container image.
> The problem here is that Aurora doesn't set CommandInfo.user and it
> defaults to root.  The aurora executor does chown of the sandbox dir and
> then does a setuid to the user specified in the job key. This would always
> fail with "user does not exist" [1] because the executor would only find
> root in /etc/passwd.
> Why doesn't aurora set CommandInfo.user to the aurora role?  If it did, we
> would be able to solve this problem by having mesos generate a sensible
> /etc/passwd for containers.
> Thanks!
> Jay
> [1]
> --
> Zameer Manji
> <>

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message