Return-Path: X-Original-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1F1C711B81 for ; Mon, 15 Sep 2014 13:35:34 +0000 (UTC) Received: (qmail 96803 invoked by uid 500); 15 Sep 2014 13:35:34 -0000 Delivered-To: apmail-hadoop-yarn-issues-archive@hadoop.apache.org Received: (qmail 96749 invoked by uid 500); 15 Sep 2014 13:35:34 -0000 Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: yarn-issues@hadoop.apache.org Delivered-To: mailing list yarn-issues@hadoop.apache.org Received: (qmail 96736 invoked by uid 99); 15 Sep 2014 13:35:33 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Sep 2014 13:35:33 +0000 Date: Mon, 15 Sep 2014 13:35:33 +0000 (UTC) From: "Remus Rusanu (JIRA)" To: yarn-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Resolved] (YARN-2485) Fix WSCE folder/file/classpathJar permission/order when running as non-admin MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/YARN-2485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Remus Rusanu resolved YARN-2485. -------------------------------- Resolution: Duplicate This is fixed by YARN-2458 implementation of a en 'elevated' file system for WSCE. > Fix WSCE folder/file/classpathJar permission/order when running as non-admin > ---------------------------------------------------------------------------- > > Key: YARN-2485 > URL: https://issues.apache.org/jira/browse/YARN-2485 > Project: Hadoop YARN > Issue Type: Sub-task > Components: nodemanager > Reporter: Remus Rusanu > Assignee: Remus Rusanu > Labels: security, windows > > The WSCE creates the local, usercache, filecache appcache dirs in the normal DefaultContainerExecutor way, and then assigns ownership to the userprocess. The WSCE configured group is added, but the permission masks used (710) do no give write permissions on the appcache/filecache/usercache folder to the NM itself. > The creation of these folders, as well as the creation of the temporary classPath jar files must succeed even after thes file/dir ownership is relinquished to the task user and the NM does not run as a local Administrator. > LCE handles all these dirs inside the container-executor app (root). The classpathJar issue does not exists on Linux. > The dirs can be handled by simply delaying the transfer (create all dirs and temp files, then assign ownership in bulk) but the task classpathJar is 'special' and needs some refactoring of the NM launch sequence. -- This message was sent by Atlassian JIRA (v6.3.4#6332)