hadoop-yarn-issues mailing list archives

From "Jason Lowe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-88) DefaultContainerExecutor can fail to set proper permissions
Date Wed, 19 Sep 2012 14:52:07 GMT

    [ https://issues.apache.org/jira/browse/YARN-88?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458729#comment-13458729 ]

Jason Lowe commented on YARN-88:
--------------------------------

Doh, never mind, I got confused.  The logs are served up from the logs directory, not the container
directory, and those permissions are set correctly after this patch.

It does make me wonder why we are explicitly granting group directory execute access to the
appId directory.  What does the nodemanager user need to access in there?  Should we instead
be locking down the usercache/${user}/appcache/${appId} to 700?  If so, then we're OK using
default permissions on the container and temp directories since the parent directory is locked
down.  If it is necessary for the appId directory to be 710, then it seems like the containerId
should also be 710 and the temp directory should be 700.
                
> DefaultContainerExecutor can fail to set proper permissions
> -----------------------------------------------------------
>
>                 Key: YARN-88
>                 URL: https://issues.apache.org/jira/browse/YARN-88
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 0.23.3, 2.0.0-alpha
>            Reporter: Jason Lowe
>            Assignee: Jason Lowe
>         Attachments: YARN-88.patch
>
>
> {{DefaultContainerExecutor}} can fail to set the proper permissions on its local directories
> if the cluster has been configured with a restrictive umask, e.g.: fs.permissions.umask-mode=0077.
> The configured umask ends up defeating the permissions requested by {{DefaultContainerExecutor}}
> when it creates directories.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
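
The umask effect described in the quoted issue, as an added example that is not part of the original message or of Hadoop's code. It uses the process umask and os.mkdir as a stand-in for Hadoop's configured fs.permissions.umask-mode (an assumption), and the function names are hypothetical.

```python
import os
import tempfile

RESTRICTIVE_UMASK = 0o077  # same value as the fs.permissions.umask-mode example
APP_DIR_MODE = 0o710       # mode discussed in the thread for the appId directory


def mode_of(path):
    """Return the rwx permission bits of path."""
    return os.stat(path).st_mode & 0o777


def mkdir_naive(path, mode):
    """Create a directory and trust the mode argument; the umask still applies."""
    os.mkdir(path, mode)
    return mode_of(path)


def mkdir_exact(path, mode):
    """Create a directory, then set the mode explicitly so the umask cannot alter it."""
    os.mkdir(path, mode)
    os.chmod(path, mode)  # chmod is not subject to the umask
    return mode_of(path)


def demo(umask=RESTRICTIVE_UMASK, mode=APP_DIR_MODE):
    """Create both kinds of directory under the given umask; return (naive, exact) modes."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as root:
            naive = mkdir_naive(os.path.join(root, "naive"), mode)
            exact = mkdir_exact(os.path.join(root, "exact"), mode)
    finally:
        os.umask(old)  # always restore the caller's umask
    return naive, exact


if __name__ == "__main__":
    naive, exact = demo()
    # Under umask 077 the group execute bit requested by 710 is silently dropped.
    print(f"requested {APP_DIR_MODE:o}: naive={naive:o} exact={exact:o}")
```
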
