[
https://issues.apache.org/jira/browse/AURORA-1641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15196459#comment-15196459
]
Bill Farner commented on AURORA-1641:
-------------------------------------
[~shirchen] do you have bandwidth to tackle this?
> Shell health checker is running as root
> ---------------------------------------
>
> Key: AURORA-1641
> URL: https://issues.apache.org/jira/browse/AURORA-1641
> Project: Aurora
> Issue Type: Bug
> Components: Executor, Security
> Reporter: Stephan Erb
> Priority: Blocker
>
> As the operator of an Aurora cluster, I have to guarantee that users can run
> commands only with the privileges of their {{role}}. The new health checker
> feature is risky in that regard, as it runs all health check commands with
> the privileges of the Thermos runner. In most common deployments this is root.
> The Thermos runner supports various means for setting the uid/user/role that
> is used to run user processes. The same configuration should also apply to
> the user-defined health checking command.
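The fix the issue asks for, sketched as an added example (not Aurora or Thermos code, and not part of the original message): the health check command is started under the role's uid, gid and supplementary groups, and the call fails closed if that switch is not possible. The function name `run_health_check` and its parameters are hypothetical; the `user=`, `group=` and `extra_groups=` arguments of `subprocess.run` require Python 3.9 or later.

```python
import os
import pwd
import subprocess


def run_health_check(command, role, timeout_secs=5.0):
    """Run a shell health check as `role`; return (healthy, output).

    Hypothetical helper for illustration, not the executor's real API.
    """
    entry = pwd.getpwnam(role)  # KeyError if the role account does not exist
    drop = {}
    if entry.pw_uid != os.geteuid():
        if os.geteuid() != 0:
            # Fail closed: never fall back to running the check as ourselves.
            raise PermissionError("cannot switch to role %r without root" % role)
        drop = {
            "user": entry.pw_uid,
            "group": entry.pw_gid,
            # Replace the parent's supplementary groups with the role's own.
            "extra_groups": os.getgrouplist(role, entry.pw_gid),
        }
    # Minimal environment so nothing leaks from the privileged parent.
    env = {"PATH": "/usr/bin:/bin", "HOME": entry.pw_dir,
           "USER": role, "LOGNAME": role}
    try:
        proc = subprocess.run(
            command, shell=True, env=env, stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
            timeout=timeout_secs, text=True, **drop)
    except subprocess.TimeoutExpired:
        return False, "timed out"
    return proc.returncode == 0, proc.stdout


if __name__ == "__main__":
    # Constructed demo: run a check as the invoking account.
    me = pwd.getpwuid(os.geteuid()).pw_name
    print(run_health_check("id -un", me))
```
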