hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajesh Kartha <karth...@gmail.com>
Subject Re: Linux Container Executor (LCE) vs Default Container Executor(DCE)
Date Fri, 27 Mar 2015 01:16:46 GMT
Thank you Harsh !!

Are there any other ways to find the owner of the containers.  I suppose
one way is doing a "*ps -ef|grep container*" and view the process details.

Regards,
Rajesh

On Thu, Mar 26, 2015 at 11:31 AM, Harsh J <harsh@cloudera.com> wrote:

> > In both cases the container is executed under the user submitting it.
>
> This is incorrect. The DCE executes as the NodeManager process user
> ('yarn' typically), and the LCE in non-secure mode by default runs only as
> 'nobody' (or arbitrary static user) unless asked to run as the actual user
> by switching off the static user config.
>
> On Thu, Mar 26, 2015 at 8:46 PM, Rajesh Kartha <kartha02@gmail.com> wrote:
>
>> Hello,
>>
>> I was wondering what are the main differences between LCE and DCE under '
>> *simple*' Hadoop security.
>>
>> From my readings LCE gives:
>> - granularity to control execution  like ban users, min uid
>> - use cgroups to control resources
>>
>> While DCE uses ulimits.
>>
>> In both cases the container is executed under the user submitting it.
>>
>> Any further insights is appreciated.
>>
>> Thanks,
>> Rajesh
>>
>
>
>
> --
> Harsh J
>

Mime
View raw message