[jira] Commented: (HADOOP-4490) Map and Reduce tasks should run as the user who submitted the job

Mon, 22 Dec 2008 00:21:09 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12658463#action_12658463
 ] 

Hemanth Yamijala commented on HADOOP-4490:
------------------------------------------

bq. It would also be good to have the task tracker root directories in a 
separate config file that can be owned by root. 

We are taking care of this point in the setuid executable. One question is to 
determine how the location of this secure config file will known to the 
executable. Following are our options:

Option 1: Read from the environment variable HADOOP_CONF_DIR
Option 2: Take a command line option to specify the location of the file.
Option 3: Have it as a build time configuration parameter, and encode into the 
executable (like for instance, pass it as an autoconf option).

Options 1 and 2 may allow users to launch the executable pointing to some 
custom path. Option 3 would completely avoid this, and make it more secure.

For the sake of deployment, I think the setuid executable should be built using 
a separate ant target, as it would need to be setup as owned by root etc. So, 
maybe it is easy to do Option 3 in that case. If we decide to go with one of 
the other two options, we should mandate additional checks to make sure that 
the configuration file is owned by the root user, as Owen mentioned.

Any comments ?

> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
>                 Key: HADOOP-4490
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4490
>             Project: Hadoop Core
>          Issue Type: Sub-task
>          Components: mapred, security
>            Reporter: Arun C Murthy
>            Assignee: Hemanth Yamijala
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them 
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to