hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harsh J <ha...@cloudera.com>
Subject Re: Linux Container Executor (LCE) vs Default Container Executor(DCE)
Date Thu, 26 Mar 2015 18:31:01 GMT
> In both cases the container is executed under the user submitting it.

This is incorrect. The DCE executes as the NodeManager process user ('yarn'
typically), and the LCE in non-secure mode by default runs only as 'nobody'
(or arbitrary static user) unless asked to run as the actual user by
switching off the static user config.

On Thu, Mar 26, 2015 at 8:46 PM, Rajesh Kartha <kartha02@gmail.com> wrote:

> Hello,
>
> I was wondering what are the main differences between LCE and DCE under '
> *simple*' Hadoop security.
>
> From my readings LCE gives:
> - granularity to control execution  like ban users, min uid
> - use cgroups to control resources
>
> While DCE uses ulimits.
>
> In both cases the container is executed under the user submitting it.
>
> Any further insights is appreciated.
>
> Thanks,
> Rajesh
>



-- 
Harsh J

Mime
View raw message