hadoop-mapreduce-user mailing list archives

From Ravi Prakash <ravi...@ymail.com>
Subject Re: YARN and LinuxContainerExecutor in simple security mode
Date Mon, 29 Jun 2015 19:43:37 GMT
Hi Tomasz!
It is tricky to set up, but there are no implications to security if you configure it correctly.
Please read the discussion on [YARN-2424] LCE should support non-cgroups, non-secure mode - ASF JIRA

HTH
Ravi

[YARN-2424] LCE should support non-cgroups, non-secure mode - ASF JIRA: After YARN-1253, LCE no longer works for non-secure, non-cgroup scenarios.

On Thursday, June 25, 2015 2:30 AM, Tomasz Fruboes <Tomasz.Fruboes@fuw.edu.pl> wrote:
   

 Dear Experts,

  I'm running a small YARN cluster configured to use simple security, 
LinuxContainerExecutor and

  yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users=false

  in order to get the correct uid when executing jobs. This is needed to 
access files from a network-exported filesystem.

  I was wondering - does this pose any security risk (since 
nonsecure-mode.limit is set to true by default in the simple security 
mode)? I.e. is there a known way for a user to get the uid of a different user 
with such a configuration?

  Cheers,
    Tomasz
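
Added example (not part of either message above and not Hadoop project code): a small audit of the settings this thread is about, reporting which uid LinuxContainerExecutor containers run under in simple security mode and whether the min.user.id and banned.users guardrails in container-executor.cfg are set. The function names, the SYSTEM_UID_MAX threshold and the sample file contents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

LCE_CLASS = "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor"
NONSECURE = "yarn.nodemanager.linux-container-executor.nonsecure-mode."
SYSTEM_UID_MAX = 1000  # assumption: local accounts below this UID are system accounts

def site_props(xml_text):
    """Parse a Hadoop *-site.xml document into {name: value}."""
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in ET.fromstring(xml_text).iter("property")}

def cfg_props(text):
    """Parse container-executor.cfg: key=value lines, '#' starts a comment."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(core_xml, yarn_xml, executor_cfg):
    """Return findings about which uid LCE containers run under."""
    core, yarn, cfg = site_props(core_xml), site_props(yarn_xml), cfg_props(executor_cfg)
    if yarn.get("yarn.nodemanager.container-executor.class") != LCE_CLASS:
        return ["INFO: LinuxContainerExecutor is not the configured executor"]
    if core.get("hadoop.security.authentication", "simple") != "simple":
        return ["INFO: not simple security mode; nonsecure-mode.* settings are unused"]
    if yarn.get(NONSECURE + "limit-users", "true").lower() == "true":
        user = yarn.get(NONSECURE + "local-user", "nobody")
        return [f"INFO: every container runs as local user '{user}'"]
    findings = ["WARN: limit-users=false: containers run as the submitting user, "
                "whose name simple authentication does not verify"]
    min_uid = cfg.get("min.user.id")
    if min_uid is None or not min_uid.isdigit():
        findings.append("WARN: min.user.id is not set explicitly in container-executor.cfg")
    elif int(min_uid) < SYSTEM_UID_MAX:
        findings.append(f"WARN: min.user.id={min_uid} lets containers run as system accounts")
    if not cfg.get("banned.users"):
        findings.append("WARN: banned.users is empty or not set explicitly")
    return findings

# Constructed sample input matching the configuration in the question.
CORE = "<configuration/>"  # hadoop.security.authentication left at its default, simple
YARN = f"""<configuration>
  <property><name>yarn.nodemanager.container-executor.class</name><value>{LCE_CLASS}</value></property>
  <property><name>{NONSECURE}limit-users</name><value>false</value></property>
</configuration>"""
CFG = "yarn.nodemanager.linux-container-executor.group=hadoop\nmin.user.id=100\n"

if __name__ == "__main__":
    print("\n".join(audit(CORE, YARN, CFG)))
```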



  