[ https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12651616#action_12651616 ]
Owen O'Malley commented on HADOOP-4490:
---------------------------------------

+1 for a setuid program. It should be written in C, not Java to ensure it has enough access to the platform to actually be secure. In particular, it has to clear both real and effective user ids.

I'd like to see the proposed list of commands for the setuid program. No user-specified strings should be included on the command line, to avoid special character attacks.

I agree with Sameer that we should have very tight permissions on the map output and task directories. One of the subcommands should probably be to move the outputs from somewhere like $task/output to somewhere like $tt/output/$job/$task.

Having a plugin that lets us switch between the current pure-java implementation that doesn't change user ids and a setuid implementation sounds reasonable. We should continue to support the non-user-switch by default for clusters run by a single non-root user.

> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
>                 Key: HADOOP-4490
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4490
>             Project: Hadoop Core
>          Issue Type: Sub-task
>          Components: mapred, security
>            Reporter: Arun C Murthy
>            Assignee: Hemanth Yamijala
>             Fix For: 0.20.0
>
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
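The requirements in the comment above (clear both real and effective user ids, accept only a fixed list of commands, keep free-form strings off the command line), as an added C example that is not part of the original message and is not Hadoop's code. The subcommand names, the allowed id alphabet and all function names are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE /* for setgroups() on glibc */
#include <grp.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Added sketch, not Hadoop's code; command names below are assumed. */
enum cmd { CMD_INVALID = -1, CMD_LAUNCH_TASK, CMD_MOVE_OUTPUT };

/* Fixed subcommand list: anything not listed is refused. */
enum cmd parse_command(const char *s) {
    static const char *const names[] = { "launch-task", "move-output" };
    for (size_t i = 0; s && i < sizeof names / sizeof names[0]; i++)
        if (strcmp(s, names[i]) == 0)
            return (enum cmd)i;
    return CMD_INVALID;
}

/* Framework-generated ids only (assumed alphabet [A-Za-z0-9_], 1..64
 * chars), so no shell metacharacter, '/' or ".." can reach a path. */
int id_is_safe(const char *s) {
    static const char ok[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                             "abcdefghijklmnopqrstuvwxyz0123456789_";
    size_t n = s ? strlen(s) : 0;
    return n >= 1 && n <= 64 && strspn(s, ok) == n;
}

/* Permanently become uid/gid. Supplementary groups and gid must change
 * while still root; as root, setgid/setuid set the real, effective and
 * saved ids. Returns 0 only when root can no longer be regained. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;          /* never run tasks as root */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (setuid(0) == 0 || seteuid(0) == 0) return -1; /* must fail now */
    return 0;
}

int main(int argc, char **argv) {
    /* Assumed usage: helper <command> <job-id> <task-id> */
    if (argc != 4 || parse_command(argv[1]) == CMD_INVALID ||
        !id_is_safe(argv[2]) || !id_is_safe(argv[3]))
        return 1;
    return 0;
}
```

A caller that gets a non-zero result from `drop_privileges` should exit immediately rather than continue with whatever ids it ended up holding.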