hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-3252) YARN LinuxContainerExecutor runs as nobody in Simple Security mode for all applications
Date Tue, 24 Feb 2015 17:19:04 GMT

    [ https://issues.apache.org/jira/browse/YARN-3252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14335107#comment-14335107
] 

Allen Wittenauer commented on YARN-3252:
----------------------------------------

See YARN-2424.

> YARN LinuxContainerExecutor runs as nobody in Simple Security mode for all applications
> ---------------------------------------------------------------------------------------
>
>                 Key: YARN-3252
>                 URL: https://issues.apache.org/jira/browse/YARN-3252
>             Project: Hadoop YARN
>          Issue Type: Bug
>    Affects Versions: 2.3.0, 2.4.0, 2.6.0, 2.5.1, 2.5.2
>         Environment: Linux
>            Reporter: Eric Yang
>            Priority: Critical
>
> When using YARN + Slider + LinuxContainerExecutor, all slider application are running
as nobody.  This is because the modification in YARN-1253 to restrict all containers to run
as a single user.  This becomes a exploite to any application that runs inside YARN + Slider
+ LCE.  The original behavior is more correct.  The original statement indicated that users
can impersonate any other users.  This supposed to be only valid for proxy users, who can
proxy as other users.  It is designed as intended that the service user needs to be trusted
by the framework to impersonate end users.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message