hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Owen O'Malley (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-4490) Map and Reduce tasks should run as the user who submitted the job
Date Fri, 28 Nov 2008 20:04:44 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12651616#action_12651616
] 

Owen O'Malley commented on HADOOP-4490:
---------------------------------------

+1 for a setuid program.

It should be written in C, not Java to ensure it has enough access to the platform to actually
be secure. In particular, it has to clear both real and effective user ids.

I'd like to see the proposed list of commands for the setuid program.

No user-specified strings should be included on the command line, to avoid special character
attacks.

I agree with Sameer that we should have very tight permissions on the map output and task
directories. One of the subcommands should probably be to move the outputs from somewhere
like $task/output to somewhere like $tt/output/$job/$task.

Having a plugin that lets us switch between the current pure-java implementation that doesn't
change user ids and a setuid implementation sounds reasonable. We should continue to support
the non-user-switch by default for clusters run by a single non-root user.


> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
>                 Key: HADOOP-4490
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4490
>             Project: Hadoop Core
>          Issue Type: Sub-task
>          Components: mapred, security
>            Reporter: Arun C Murthy
>            Assignee: Hemanth Yamijala
>             Fix For: 0.20.0
>
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them running as the
user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message