[
https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12661068#action_12661068
]
Hemanth Yamijala commented on HADOOP-4490:
------------------------------------------
I attached a new patch that is more comprehensive. All changes from the
previous patch still hold good. This one adds the correct permissions for all
relevant files and directories, except distributed cache.
The previous patch only set relevant permissions on the task and log cache
directories for all users, with the intent that tasks running as any user
should be able to create and use other files and directories under them. This
requirement still applies. However, there are other files and directories whose
access needs to be adjusted too. The new patch addresses these changes:
- It sets permissions on the job related jar files and other directories
allowing access to everyone.
- It sets read and execute permissions on directory paths until the task / job
cache and log directories. For e.g. if a task cache directory is created under
${mapred.local.dir}/taskTracker/jobcache, all paths in this component are
attempted to be given read and execute (and no write) access for all users.
This is required for looking up paths and locating / reading files created by
the tasktracker.
Both the changes above are required in future as well. Except then, the
permission string would be more restrictive (disallowing access to group and
others).
The previous patch was working because of a subtle behavior in setuid. On the
systems where we tested, the umask was set such that read and execute
permissions were provided to group by default. So, any of the job files created
by the tasktracker had read and execute to the group to which the tasktracker
user belonged. When the setuid executable switched users, it does not clear the
supplementary group information of the launcher. Hence, the new process running
as the job owner still had access to the groups to which the tasktracker
belonged, and hence worked. Again, in HADOOP-4491, we propose to remove all
access for the group ownership also, and hence this will not be an issue.
> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
> Key: HADOOP-4490
> URL: https://issues.apache.org/jira/browse/HADOOP-4490
> Project: Hadoop Core
> Issue Type: Sub-task
> Components: mapred, security
> Reporter: Arun C Murthy
> Assignee: Hemanth Yamijala
> Attachments: hadoop-4490-design.pdf, HADOOP-4490.patch,
> HADOOP-4490.patch
>
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
