aurora-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitriy Shirchenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AURORA-1641) Shell health checker is running as root
Date Wed, 16 Mar 2016 00:13:33 GMT

    [ https://issues.apache.org/jira/browse/AURORA-1641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15196520#comment-15196520
] 

Dmitriy Shirchenko commented on AURORA-1641:
--------------------------------------------

I would love to help and feel responsible but I'm going on vacation on Sunday for a week so
don't have time right now :/.

But in the meanwhile can someone give a rough outline of required work?
One proposal I saw was by [~zmanji] who mentioned that we may need to make the health check
runner look more like: https://github.com/apache/aurora/blame/d752d466c550118f052d23519d071eb41b2e5bf6/src/main/python/apache/thermos/core/process.py#L327



> Shell health checker is running as root
> ---------------------------------------
>
>                 Key: AURORA-1641
>                 URL: https://issues.apache.org/jira/browse/AURORA-1641
>             Project: Aurora
>          Issue Type: Bug
>          Components: Executor, Security
>            Reporter: Stephan Erb
>            Priority: Blocker
>
> As the operator of an Aurora cluster, I have to guarantee that users can run commands
only with the privileges of their {{role}}. The new health checker feature is risky in that
regard, as it runs all health check commands with the privileges of the Thermos runner. In
most common deployments this is root.
> The Thermos runner supports various means for setting the uid/user/role that is used
to run user processes. The same configuration should also apply to the user-defined health
checking command.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message