hadoop-yarn-issues mailing list archives

From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1253) Changes to LinuxContainerExecutor to use cgroups in unsecure mode
Date Mon, 30 Sep 2013 17:43:24 GMT

    [ https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782038#comment-13782038 ]

Alejandro Abdelnur commented on YARN-1253:

When using {{LinuxContainerExecutor.java}} in unsecure mode, we should have a {{yarn.nodemanager.linux-container-executor.unsecure-mode.local-user}}
(with {{yarnuser}} as default) property that defines the local user LCE should use to start
containers when used in unsecure mode.

The {{container-executor.c}} should receive an extra parameter with the runAsUser, differentiating
it from the user (which is used to create the usercache/$USER/ directory). (The {{container-executor.c}}
code is already prepared to handle this differentiation; the changes are minimal,
just passing the extra parameter and wiring it in the right places.)

The {{yarnuser}} should be provisioned as a system user in the nodes and added to the whitelisted
system users in the {{container-executor.cfg}} configuration, YARN-1137.

> Changes to LinuxContainerExecutor to use cgroups in unsecure mode
> -----------------------------------------------------------------
>                 Key: YARN-1253
>                 URL: https://issues.apache.org/jira/browse/YARN-1253
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.1.0-beta
>            Reporter: Alejandro Abdelnur
>            Assignee: Roman Shaposhnik
>            Priority: Blocker
>             Fix For: 2.1.1-beta
> When using cgroups we require LCE to be configured in the cluster to start containers.
>
> LCE starts containers as the user that submitted the job. While this works correctly
> in a secure setup, in an un-secure setup this presents a couple of issues:
> * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
> * Because users can impersonate other users, any user would have access to any local
> file of other users
> Particularly, the second issue is not desirable as a user could get access to ssh keys
> of other users in the nodes or, if there are NFS mounts, get to other users' data outside of
> the cluster.

This message was sent by Atlassian JIRA
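
The comment above depends on the run-as user passing the native executor's user checks even though {{yarnuser}} is a system account. The following is an added sketch of that kind of check, not code from the original message or from Hadoop's {{container-executor.c}}. The names `lce_policy`, `in_list` and `run_as_user_permitted` are hypothetical, the fields mirror the {{container-executor.cfg}} keys `min.user.id`, `banned.users` and `allowed.system.users`, and list entries are assumed to carry no surrounding whitespace.

```c
#include <string.h>
#include <sys/types.h>

/* Hypothetical stand-in for values parsed from container-executor.cfg. */
struct lce_policy {
    uid_t min_user_id;          /* min.user.id */
    const char *banned_users;   /* banned.users, comma separated */
    const char *allowed_system; /* allowed.system.users, comma separated */
};

/* Return 1 if name is a whole entry of a comma-separated list, else 0.
 * Whole-entry matching keeps "yarn" from matching "yarnuser" and vice versa. */
static int in_list(const char *list, const char *name) {
    size_t n = strlen(name);
    if (list == NULL || n == 0) return 0;
    for (const char *p = list; *p; ) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == n && strncmp(p, name, n) == 0) return 1;
        p += len;
        if (*p == ',') p++;     /* step over the separator */
    }
    return 0;
}

/* Decide whether containers may be launched as run_as_user.
 * This is the runAsUser of the comment, not the submitting user whose
 * name only selects the usercache/$USER/ directory. */
int run_as_user_permitted(const struct lce_policy *pol,
                          const char *run_as_user, uid_t run_as_uid) {
    if (run_as_uid == 0) return 0;                          /* never root */
    if (in_list(pol->banned_users, run_as_user)) return 0;  /* banned wins */
    if (run_as_uid >= pol->min_user_id) return 1;           /* ordinary user */
    /* Below min.user.id only explicitly whitelisted system users pass. */
    return in_list(pol->allowed_system, run_as_user);
}
```

With a constructed policy of `min.user.id=1000` and `allowed.system.users=yarnuser`, a `yarnuser` account with a system uid is accepted, while any other account below the minimum uid is refused.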
