[
https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12654530#action_12654530
]
Allen Wittenauer commented on HADOOP-4490:
------------------------------------------
The user who submits the job should be the user who runs the code on the
compute nodes due to issues that surround the environment outside Haddop. For
example, it is possible to submit a job that writes junk data to the low priv
user's home dir. Without tracking who submitted that job, ops would never know
who to go bonk on the head.
... and then there is streaming.
I can think of instances where it might be useful to have generic accounts run
stuff. In those instances, it is still much better to have that handled
outside Hadoop. [Either through setuid scripts, roles, sudo, kinit a special
keytab prior to job submit, whatever.] Let the OS/tool/ops team/whatever deal
with the accounting in those situations.
> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
> Key: HADOOP-4490
> URL: https://issues.apache.org/jira/browse/HADOOP-4490
> Project: Hadoop Core
> Issue Type: Sub-task
> Components: mapred, security
> Reporter: Arun C Murthy
> Assignee: Hemanth Yamijala
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
