Stephan Erb created AURORA-1641:
-----------------------------------
Summary: Shell health checker is running as root
Key: AURORA-1641
URL: https://issues.apache.org/jira/browse/AURORA-1641
Project: Aurora
Issue Type: Story
Components: Executor, Security
Reporter: Stephan Erb
Priority: Blocker
As the operator of an Aurora cluster, I have to guarantee that users can run
commands only with the privileges of their {{role}}. The new health checker
feature is risky in that regard, as it runs all health check commands with the
privileges of the Thermos runner. In most common deployments this is root.
The Thermos runner supports various means for setting the uid/user/role that is
used to run user processes. The same configuration should also apply to the
user-defined health checking command.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
