[ https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12652015#action_12652015 ]

Hemanth Yamijala commented on HADOOP-4490:
------------------------------------------

Thanks for the comments, Owen.

bq. It should be written in C, not Java to ensure it has enough access to the 
platform to actually be secure. In particular, it has to clear both real and 
effective user ids.
Yes, I had that in mind. Specifically, I was planning to do something like 
setuid(getpwnam(user_name)->pw_uid). Since this would be done by a program 
running as superuser (the setuid exe), it would clear both the real and 
effective uids.

bq. I'd like to see the proposed list of commands for the setuid program.
Sure, I will work on that and post the list here. In order to be reasonably 
complete, I think I should have a version that's working. So, I will start 
prototyping on the lines I described above.

> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
>                 Key: HADOOP-4490
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4490
>             Project: Hadoop Core
>          Issue Type: Sub-task
>          Components: mapred, security
>            Reporter: Arun C Murthy
>            Assignee: Hemanth Yamijala
>             Fix For: 0.20.0
>
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them 
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
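
The privilege drop discussed in the comment above, written out as an added example (not code from this message or from the Hadoop project). The helper name `drop_to_user` and its return codes are hypothetical; it assumes it is called from a setuid-root executable, adds the NULL check on `getpwnam()`, sets groups and gid before the uid, and verifies that root cannot be regained.

```c
#define _DEFAULT_SOURCE          /* for initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch the calling setuid-root process to
 * user_name. Returns 0 on success, a negative code on failure. On any
 * failure the caller must exit rather than launch the task. */
int drop_to_user(const char *user_name)
{
    if (user_name == NULL || user_name[0] == '\0')
        return -1;

    struct passwd *pw = getpwnam(user_name);
    if (pw == NULL)                 /* unknown user: never dereference NULL */
        return -2;
    if (pw->pw_uid == 0)            /* never run a task as root */
        return -3;

    uid_t uid = pw->pw_uid;         /* copy: pw points to static storage */
    gid_t gid = pw->pw_gid;

    /* Order matters: groups and gid need root, so they go before setuid(). */
    if (initgroups(user_name, gid) != 0) return -4;
    if (setgid(gid) != 0)                return -5;
    if (setuid(uid) != 0)                return -6;  /* as root: real, effective, saved */

    /* Verify real and effective ids, and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid) return -7;
    if (getgid() != gid || getegid() != gid) return -7;
    if (setuid(0) == 0)                      return -8;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <user>\n", argv[0]);
        return 2;
    }
    int rc = drop_to_user(argv[1]);
    printf("drop_to_user(%s) = %d, uid=%d euid=%d\n",
           argv[1], rc, (int)getuid(), (int)geteuid());
    return rc == 0 ? 0 : 1;
}
```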
