[
https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12654496#action_12654496
]
Doug Cutting commented on HADOOP-4490:
--------------------------------------
> Steve: have some low-privilege user for running work; there isn't a 1:1
> mapping of grid users to user accounts
> Owen: running as the real user is important. If I run a job, I should not be
> able to look at or kill your job's data or tasks
Might it be possible to have a pool of low-privileged users, to remove the
requirement that every user has an account on every machine? Or maybe that
requirement's not that onerous, with PAM/LDAP?
> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
> Key: HADOOP-4490
> URL: https://issues.apache.org/jira/browse/HADOOP-4490
> Project: Hadoop Core
> Issue Type: Sub-task
> Components: mapred, security
> Reporter: Arun C Murthy
> Assignee: Hemanth Yamijala
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
