[
https://issues.apache.org/jira/browse/MESOS-1790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14736044#comment-14736044
]
DarinJ commented on MESOS-1790:
-------------------------------
Bernd,
The issue came up in myriad as a file container-executor is set g+s, this
allows a node manager running as user "yarn" in the "yarn" group to execute a
container as another user. The solution we came up with was to run the
framework as root, set extract to false on the URIBuilder, and the run `tar
-xzpf hadoop.tgz && sudo -u yarn bin/yarn nodemanager` (actually a bit messier
but this is the idea). It works, the downside is it requires the framework to
run as root. I expect this could be used in other frameworks where multiple
users can launch tasks.
Darin
> Add "chown" option to CommandInfo.URI
> -------------------------------------
>
> Key: MESOS-1790
> URL: https://issues.apache.org/jira/browse/MESOS-1790
> Project: Mesos
> Issue Type: Improvement
> Reporter: Vinod Kone
> Assignee: Jim Klucar
> Labels: myriad, newbie
> Attachments:
> 0001-MESOS-1790-Adds-chown-option-to-CommandInfo.URI.patch
>
>
> Mesos fetcher always chown()s the extracted executor URIs as the executor
> user but sometimes this is not desirable, e.g., "setuid" bit gets lost during
> chown() if slave/fetcher is running as root.
> It would be nice to give frameworks the ability to skip the chown.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
