hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1253) Changes to LinuxContainerExecutor to run containers as a single dedicated user in non-secure mode
Date Tue, 01 Oct 2013 20:41:27 GMT

    [ https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13783318#comment-13783318

Todd Lipcon commented on YARN-1253:

bq. We should refactor that code out to be able to use it as a standalone library/binary (which
doesn't bring in the extra baggage of user-accounts etc.) - that's the correct fix IMO. Putting
in a local-user is an easy short-term solution

I think separating the local "run-as" user from the daemon user has other benefits as well,
separate from cgroups. This is a long-standing tradition in Unix services - eg Apache httpd
typically runs CGI scripts as "nobody" unless suexec is configured. So this change still has

> Changes to LinuxContainerExecutor to run containers as a single dedicated user in non-secure
> -------------------------------------------------------------------------------------------------
>                 Key: YARN-1253
>                 URL: https://issues.apache.org/jira/browse/YARN-1253
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager
>    Affects Versions: 2.1.0-beta
>            Reporter: Alejandro Abdelnur
>            Assignee: Roman Shaposhnik
>            Priority: Blocker
>         Attachments: YARN-1253.patch.txt
> When using cgroups we require LCE to be configured in the cluster to start containers.

> When LCE starts containers as the user that submitted the job. While this works correctly
in a secure setup, in an un-secure setup this presents a couple issues:
> * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
> * Because users can impersonate other users, any user would have access to any local
file of other users
> Particularly, the second issue is not desirable as a user could get access to ssh keys
of other users in the nodes or if there are NFS mounts, get to other users data outside of
the cluster.

This message was sent by Atlassian JIRA

View raw message