[
https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12654392#action_12654392
]
Steve Loughran commented on HADOOP-4490:
----------------------------------------
Hemanth -you are right, for streaming/pipes stuff a second identity is needed.
What some of the grid toolkits have done in the past is have some low-privilege
user for running work; there isn't a 1:1 mapping of grid users to user
accounts, instead the worker is allowed access to the relevant files of a user
for a while, then at the end of the job, that data goes away. This eliminates
some of the account management problems, though forces you to make sure that
the worker doesnt have access to any old/shared data on the same filesystem.
> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
> Key: HADOOP-4490
> URL: https://issues.apache.org/jira/browse/HADOOP-4490
> Project: Hadoop Core
> Issue Type: Sub-task
> Components: mapred, security
> Reporter: Arun C Murthy
> Assignee: Hemanth Yamijala
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
