hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-3252) YARN LinuxContainerExecutor runs as nobody in Simple Security mode for all applications
Date Tue, 24 Feb 2015 17:15:04 GMT
Eric Yang created YARN-3252:
-------------------------------

             Summary: YARN LinuxContainerExecutor runs as nobody in Simple Security mode for
all applications
                 Key: YARN-3252
                 URL: https://issues.apache.org/jira/browse/YARN-3252
             Project: Hadoop YARN
          Issue Type: Bug
    Affects Versions: 2.5.2, 2.5.1, 2.6.0, 2.4.0, 2.3.0
         Environment: Linux
            Reporter: Eric Yang
            Priority: Critical


When using YARN + Slider + LinuxContainerExecutor, all slider application are running as nobody.
 This is because the modification in YARN-1253 to restrict all containers to run as a single
user.  This becomes a exploite to any application that runs inside YARN + Slider + LCE.  The
original behavior is more correct.  The original statement indicated that users can impersonate
any other users.  This supposed to be only valid for proxy users, who can proxy as other users.
 It is designed as intended that the service user needs to be trusted by the framework to
impersonate end users.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message