hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tomasz Fruboes <Tomasz.Frub...@fuw.edu.pl>
Subject YARN and LinuxContainerExecutor in simple security mode
Date Thu, 25 Jun 2015 09:30:14 GMT
Dear Experts,

  I'm running a small YARN cluster configured to use simple security, 
LinuxContainerExecutor and

  yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users=false

  in order to get correct uid when executing jobs. This is needed to 
access files from network exported filesystem.

  I was wondering - does this posses any security risk (since 
nonsecure-mode.limit is set to true by default in the simple security 
mode)? I.e. is there a known way for a user to get uid of different user 
with such configuration?

  Cheers,
    Tomasz


Mime
View raw message