[
https://issues.apache.org/jira/browse/HADOOP-4490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arun C Murthy updated HADOOP-4490:
----------------------------------
Status: Open (was: Patch Available)
Some comments after a discussion with Hemanth:
# We agree that DistributedCacheFileAccessInfo isn't necessary. We'll wait for
HADOOP-4493 to fix access control to the DistributedCache, until which we will
just allow requisite access to all files in the cache (755).
# FileUtil.setPermissionsForPathComponents and opening of permissions to
mapred.local.dir via LinuxTaskController.setConf bother me. I see 4 different
hooks we that we need to provide for setup/cleanup:
#* per-tracker (i.e. at TaskTracker initialization e.g. setting up
mapred.local.dir)
#* per-job (job jars)
#* per-jvm (task log files)
#* per-task
Of course we might not need all the cleanup hooks.
# The TaskController itself should be stateless, the above hooks should be
plugged into at appropriate places e.g. TaskTracker.localizeJob should call
TaskController.initializeJob rather than having LinuxTaskController maintaining
state as in the patch.
> Map and Reduce tasks should run as the user who submitted the job
> -----------------------------------------------------------------
>
> Key: HADOOP-4490
> URL: https://issues.apache.org/jira/browse/HADOOP-4490
> Project: Hadoop Core
> Issue Type: Sub-task
> Components: mapred, security
> Reporter: Arun C Murthy
> Assignee: Hemanth Yamijala
> Attachments: hadoop-4490-design.pdf, HADOOP-4490.patch,
> HADOOP-4490.patch, HADOOP-4490.patch, HADOOP-4490.patch, HADOOP-4490.patch,
> HADOOP-4490.patch, HADOOP-4490.patch
>
>
> Currently the TaskTracker spawns the map/reduce tasks, resulting in them
> running as the user who started the TaskTracker.
> For security and accounting purposes the tasks should be run as the job-owner.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
