[
https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12655922#action_12655922
]
Hemanth Yamijala commented on HADOOP-4490:
------------------------------------------
I had an offline discussion with Sameer about how to get this patch in. To make
it easier for reviewing, maybe it makes sense to split the task up into
multiple sub tasks. Atleast 3 that are identified are:
- Launch and kill tasks (this would involve RUN_TASK and KILL_TASK commands)
- Handle local data securely (this would involve SETUP_TASK and
MOVE_TASK_OUTPUT and CLEANUP_TASK commands)
- Handle distributed cache.
In order to get a working launch and kill tasks patch though, the file and
directory permissions will need to be opened up to allow access to all users.
Each of the other patches will make it more secure.
Please note that we have discussed the approach of how we will address
directory and file permissions (such as intermediate outputs) in this JIRA
already. This proposal is only to make it simpler to get some incremental
patches in. Would this work ? If yes, I will use this JIRA to handle the first
of the three tasks, then use HADOOP-4491 and HADOOP-4493 for the others.
> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
> Key: HADOOP-4490
> URL: https://issues.apache.org/jira/browse/HADOOP-4490
> Project: Hadoop Core
> Issue Type: Sub-task
> Components: mapred, security
> Reporter: Arun C Murthy
> Assignee: Hemanth Yamijala
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
