hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1253) Changes to LinuxContainerExecutor to use cgroups in unsecure mode
Date Mon, 30 Sep 2013 17:43:24 GMT

    [ https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782038#comment-13782038
] 

Alejandro Abdelnur commented on YARN-1253:
------------------------------------------

When using {{LinuxContainerExecutor.java}} in unsecure mode, we should have a {{yarn.nodemanager.linux-container-executor.unsecure-mode.local-user}}
(with {{yarnuser}} as default) property that defines the local user LCE should use to start
containers when used in unsecure mode.

The {{container-executor.c}} should received and extra parameter with the runAsUser, differentiating
it from the user (which is used to create the usercache/$USER/ directory. (the {{container-executor.c}}
code already is already prepared to handle this differentiation, the changes are minimal,
just passing the extra parameter and wiring it in the right places.

The {{yarnuser}} should be provisioned as system user in the nodes and added to the whitelisted
system users in the {{container-executor.cfg}} configuration, YARN-1137.

> Changes to LinuxContainerExecutor to use cgroups in unsecure mode
> -----------------------------------------------------------------
>
>                 Key: YARN-1253
>                 URL: https://issues.apache.org/jira/browse/YARN-1253
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.1.0-beta
>            Reporter: Alejandro Abdelnur
>            Assignee: Roman Shaposhnik
>            Priority: Blocker
>             Fix For: 2.1.1-beta
>
>
> When using cgroups we require LCE to be configured in the cluster to start containers.

> When LCE starts containers as the user that submitted the job. While this works correctly
in a secure setup, in an un-secure setup this presents a couple issues:
> * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
> * Because users can impersonate other users, any user would have access to any local
file of other users
> Particularly, the second issue is not desirable as a user could get access to ssh keys
of other users in the nodes or if there are NFS mounts, get to other users data outside of
the cluster.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message