hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remus Rusanu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-2458) Add file handling features to the Windows Secure Container Executor LRPC service
Date Wed, 10 Sep 2014 20:42:35 GMT

    [ https://issues.apache.org/jira/browse/YARN-2458?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14129061#comment-14129061
] 

Remus Rusanu commented on YARN-2458:
------------------------------------

The solution proposed here is to have the Windows Secure container Executor use its own FileContext
and FileSystem. The WSCE filesystem is derived from the RawLocalFilesystem and overrides the
actual creation of directories, setPermissions, setOwner and createOutputStream operations.
These operations are executed via the JNI/LRPC by calling corresponding remote methods offered
by the hadoopwinutilsvc service. This service runs as a privileged user (LocalSystem) and
thus can execute certain operations forbidden to the NM, like writing into the container dirs
(owned by the container user). The actual implementation of methods like setOwner/setPermissions
is the same as previous ones, whether it was invoked via winutils chown/chmod or via the Native
Hadoop.dll JNI, the code is exactly the same and is shared via libwinutils. This changes simply
offer a mechanism to exect this code in an elevated process.
The patches also contain some changes around classpath jar creation: prviosuly it was created
directly into the destination dir (the container private dirs). this is not forbidden because
the NM doe snot have the right to do it. Instead the classpath jars are create in the private
nmPrivate folder and then moved into the container dirs (via a copy/move API offered by hadoopwinutilsvc).

> Add file handling features to the Windows Secure Container Executor LRPC service
> --------------------------------------------------------------------------------
>
>                 Key: YARN-2458
>                 URL: https://issues.apache.org/jira/browse/YARN-2458
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>            Reporter: Remus Rusanu
>            Assignee: Remus Rusanu
>              Labels: security, windows
>         Attachments: YARN-2458.1.patch, YARN-2458.2.patch
>
>
> In the WSCE design the nodemanager needs to do certain privileged operations like change
file ownership to arbitrary users or delete files owned by the task container user after completion
of the task. As we want to remove the Administrator privilege  requirement from the nodemanager
service, we have to move these operations into the privileged LRPC helper service. 
> Extend the RPC interface to contain methods for change file ownership and manipulate
files, add JNI client side and implement the server side. This will piggyback on the existing
LRPC service so is not much infrastructure to add (run as service, RPC init, authentictaion
and authorization are already solved). It just needs to be implemented.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message