[
https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12649658#action_12649658
]
Craig Macdonald commented on HADOOP-4490:
-----------------------------------------
I think that (2) depends on how (1) is proposed to be addressed. If you assume
that (1) is addressed by using seteuid() or the su command such that processes
actually run on the system as the appropriate user, then (2) is extremely
difficult without being ruin as root.
If (1) is addressed just by setting the UGI in some way, then this had
disadvantages compared to the seteuid/su - which facilitates secured access to
non-HDFS resources (e.g. NFS in smaller environments).
> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
> Key: HADOOP-4490
> URL: https://issues.apache.org/jira/browse/HADOOP-4490
> Project: Hadoop Core
> Issue Type: Sub-task
> Components: mapred, security
> Reporter: Arun C Murthy
> Assignee: Hemanth Yamijala
> Fix For: 0.20.0
>
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
