[ https://issues.apache.org/jira/browse/MESOS-1790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14736044#comment-14736044 ]
DarinJ commented on MESOS-1790: ------------------------------- Bernd, The issue came up in myriad as a file container-executor is set g+s, this allows a node manager running as user "yarn" in the "yarn" group to execute a container as another user. The solution we came up with was to run the framework as root, set extract to false on the URIBuilder, and the run `tar -xzpf hadoop.tgz && sudo -u yarn bin/yarn nodemanager` (actually a bit messier but this is the idea). It works, the downside is it requires the framework to run as root. I expect this could be used in other frameworks where multiple users can launch tasks. Darin > Add "chown" option to CommandInfo.URI > ------------------------------------- > > Key: MESOS-1790 > URL: https://issues.apache.org/jira/browse/MESOS-1790 > Project: Mesos > Issue Type: Improvement > Reporter: Vinod Kone > Assignee: Jim Klucar > Labels: myriad, newbie > Attachments: > 0001-MESOS-1790-Adds-chown-option-to-CommandInfo.URI.patch > > > Mesos fetcher always chown()s the extracted executor URIs as the executor > user but sometimes this is not desirable, e.g., "setuid" bit gets lost during > chown() if slave/fetcher is running as root. > It would be nice to give frameworks the ability to skip the chown. -- This message was sent by Atlassian JIRA (v6.3.4#6332)