hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrey Stepachev (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-1853) Allow containers to be ran under real user even in insecure mode
Date Fri, 28 Mar 2014 15:50:15 GMT

     [ https://issues.apache.org/jira/browse/YARN-1853?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andrey Stepachev updated YARN-1853:
-----------------------------------

    Attachment: YARN-1853.patch

Updated patch. RMAppManager should check existence of user before submitting app in insecure
mode and reject if no user found.
(this patch defensive, check user only in non-impersonate mode).

> Allow containers to be ran under real user even in insecure mode
> ----------------------------------------------------------------
>
>                 Key: YARN-1853
>                 URL: https://issues.apache.org/jira/browse/YARN-1853
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: nodemanager
>    Affects Versions: 2.2.0
>            Reporter: Andrey Stepachev
>         Attachments: YARN-1853.patch, YARN-1853.patch
>
>
> Currently unsecure cluster runs all containers under one user (typically nobody). That
is not appropriate, because yarn applications doesn't play well with hdfs having enabled permissions.
Yarn applications try to write data (as expected) into /user/nobody regardless of user, who
launched application.
> Another sideeffect is that it is not possible to configure cgroups for particular users.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message