[
https://issues.apache.org/jira/browse/MESOS-4772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15182781#comment-15182781
]
Adam B commented on MESOS-4772:
-------------------------------
2b. Mesos authenticates the user accessing Mesos HTTP endpoints, which may or
may not be the same user accessing the framework's HTTP UI to request that the
framework launch a task on behalf of the user. Mesos authenticates the
framework prior to its registration, but has no way (unless the framework tells
it) to know which user launches a particular task.

4. Only an individual framework can authenticate and authorize users of its own
UI. Mesos cannot intercept at this point, especially not without the
framework's assistance. This ticket is about enabling frameworks to provide
this information to Mesos on task launch, so that Mesos can later make
authorization decisions based on this information (separate tickets).

5. `FrameworkInfo.user` is not necessarily related to the user of the framework's
UI (or Mesos' UI). It is the Linux user which the framework's tasks will run as
(see `RunTask` ACL) by default, if no `CommandInfo.user` is specified for the
task/executor. Consider that Alice and Bob may both want to use the Hadoop
framework to run tasks as the `hadoop` user.

> TaskInfo/ExecutorInfo should include owner information
> ------------------------------------------------------
>
> Key: MESOS-4772
> URL: https://issues.apache.org/jira/browse/MESOS-4772
> Project: Mesos
> Issue Type: Improvement
> Components: security
> Reporter: Adam B
> Assignee: Jan Schlicht
> Labels: authorization, mesosphere, ownership, security
>
> We need a way to assign fine-grained ownership to tasks/executors so that
> multi-user frameworks can tell Mesos to associate the task with a user
> identity (rather than just the framework principal+role). Then, when an HTTP
> user requests to view the task's sandbox contents, or kill the task, or list
> all tasks, the authorizer can determine whether to allow/deny/filter the
> request based on finer-grained, user-level ownership.
>
> Some systems may want TaskInfo.owner to represent a group rather than an
> individual user. That's fine as long as the framework sets the field to the
> group ID in such a way that a group-aware authorizer can interpret it.
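The ownership check the ticket asks for, sketched as an added example that is not Mesos code and not part of the original message. The `Task` model, the `group:` prefix convention, the `GROUPS` table and the fail-closed handling of a missing owner are all assumptions made for illustration; only the `owner` field name follows the ticket's proposed `TaskInfo.owner`.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Task:
    task_id: str
    framework_principal: str  # identity Mesos authenticated at framework registration
    run_as: str               # Linux user (FrameworkInfo.user or CommandInfo.user)
    owner: Optional[str]      # proposed TaskInfo.owner; None if the framework set nothing

# Constructed group membership that a group-aware authorizer would consult.
GROUPS = {"analytics": {"alice", "carol"}}
GROUP_PREFIX = "group:"  # hypothetical convention for marking a group owner

def may_access(http_user: str, task: Task) -> bool:
    """Decide whether an authenticated HTTP user may view or kill a task."""
    if task.owner is None:
        # Fail closed (an assumption of this example): principal and Linux user
        # are shared by every user of the framework, so they cannot decide this.
        return False
    if task.owner.startswith(GROUP_PREFIX):
        group = task.owner[len(GROUP_PREFIX):]
        return http_user in GROUPS.get(group, set())
    return http_user == task.owner

def list_tasks(http_user: str, tasks) -> list:
    """Filter a task listing down to what the HTTP user is allowed to see."""
    return [t.task_id for t in tasks if may_access(http_user, t)]

def kill_task(http_user: str, task: Task) -> str:
    if not may_access(http_user, task):
        raise PermissionError(f"{http_user} may not kill {task.task_id}")
    return f"killed {task.task_id}"

# Constructed sample: every task has the same principal and runs as `hadoop`,
# so only the owner field distinguishes Alice's work from Bob's.
TASKS = [
    Task("t1", "hadoop-fw", "hadoop", "alice"),
    Task("t2", "hadoop-fw", "hadoop", "bob"),
    Task("t3", "hadoop-fw", "hadoop", "group:analytics"),
    Task("t4", "hadoop-fw", "hadoop", None),
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, list_tasks(user, TASKS))
```
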