[jira] Commented: (HADOOP-4490) Map and Reduce tasks should run as the user who submitted the job

Hemanth Yamijala (JIRA) Mon, 22 Dec 2008 20:42:11 -0800

    [ 
https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12658744#action_12658744
 ]


Hemanth Yamijala commented on HADOOP-4490:
------------------------------------------

The attached patch implements changes in the tasktracker to launch tasks using 
the setuid executable defined in HADOOP-4930. By doing so, it runs tasks as job 
owners. The CLI for the setuid exe is:
{code}
 task-controller <user-name> <command-enum-value> <job-id> <task-id> 
<tasktracker-root>
{code}

As mentioned in comments above, this patch only handles launching and killing 
of tasks, and does not handle file and directory permissions securely. In fact, 
it opens up the permissions so that both the tasktracker and task can share 
files and directories. However, this change is only done when the feature is 
enabled, and does not affect the default Hadoop behavior. When HADOOP-4491 and 
other issues are fixed, secure permissions will be replaced.

The changes in the patch include:
- A TaskController class that defines abstract methods for launching and 
killing tasks
- A DefaultTaskController where a little code from JvmManager has been moved
- A LinuxTaskController which implements the methods by calling the setuid 
executable of HADOOP-4930.
- A new configuration variable mapred.task.tracker.task-controller to define 
the specific type of TaskController to use. Defaults to DefaultTaskController.

Tested this on a single node cluster, along with the setuid executable of 
HADOOP-4930. Will follow-up with testing on larger clusters.

I request a review for the same.

> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
>                 Key: HADOOP-4490
>                 URL: https://issues.apache.org/jira/browse/HADOOP-4490
>             Project: Hadoop Core
>          Issue Type: Sub-task
>          Components: mapred, security
>            Reporter: Arun C Murthy
>            Assignee: Hemanth Yamijala
>         Attachments: HADOOP-4490.patch
>
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them 
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (HADOOP-4490) Map and Reduce tasks should run as the user who submitted the job

Reply via email to