hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ray Chiang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-4579) Allow container directory permissions to be configurable
Date Wed, 13 Jan 2016 02:44:39 GMT

    [ https://issues.apache.org/jira/browse/YARN-4579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15095503#comment-15095503
] 

Ray Chiang commented on YARN-4579:
----------------------------------

I don't have all the specifics, but I have one request where they're using a third-party tool
to pull data from the container logs.  The tool can't run as user 'yarn' and the hardcoded
directory permissions of 710 is preventing this tool/flow from working.  I do agree it's a
bit of a weird corner case, since I'd assume this would only apply to customers that aren't
as concerned about security (at least with respect to logs).

As for design, it looks like each subclass of ContainerExecutor has its own implementation
(or inherited) of startLocalizer().  Are you thinking of generalizing the directory location/permissions/other
requirements into LocalizerStartContext or did you have something else in mind?


> Allow container directory permissions to be configurable
> --------------------------------------------------------
>
>                 Key: YARN-4579
>                 URL: https://issues.apache.org/jira/browse/YARN-4579
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: yarn
>    Affects Versions: 2.8.0
>            Reporter: Ray Chiang
>            Assignee: Ray Chiang
>              Labels: supportability
>         Attachments: YARN-4579.001.patch, YARN-4579.002.patch, YARN-4579.003.patch
>
>
> By default, container directory permissions are hardcoded to this member in DefaultContainerExecutor:
>   static final short LOGDIR_PERM = (short)0710;
> There are some cases where less restrictive permissions are desired.  Make this configurable.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message