[ https://issues.apache.org/jira/browse/SPARK-43369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17728207#comment-17728207 ]
Yikun Jiang commented on SPARK-43369:
-------------------------------------

This might not be an issue according to https://github.com/docker-library/official-images/pull/13089#issuecomment-1561793792

```
Yeah, it is extra, but harmless. A stronger guarantee to prevent privilege escalation would be in recommending that users set --security-opt=no-new-privileges (or allowPrivilegeEscalation: false in Kubernetes).
```

> Address comments about /etc/pam.d/su
> ------------------------------------
>
> Key: SPARK-43369
> URL: https://issues.apache.org/jira/browse/SPARK-43369
> Project: Spark
> Issue Type: Sub-task
> Components: Spark Docker
> Affects Versions: 3.5.0
> Reporter: Yikun Jiang
> Priority: Minor
>
> echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su &&
> I am unsure what this is for? 😕 As far as I can tell, this means that only
> members of the administrative group wheel (or 0 if there is no wheel) can
> switch to another user using the su command. That might make sense on a
> regular multi-user system, but I am unsure why it would matter for a
> container.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
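The two controls discussed in this thread can be checked from inside a container. The script below is an added example, not part of the original message or of the Spark image build; the function names and the sample files are constructed for illustration, and it assumes a Linux kernel that exposes the `NoNewPrivs` field in `/proc/<pid>/status` (4.10 or later).

```shell
#!/bin/sh
# Added example: audit the pam_wheel rule and the no_new_privs flag.

# Succeeds if the PAM service file ($1) has an active (uncommented)
# "auth required pam_wheel.so" rule; returns 2 if the file is unreadable.
pam_wheel_enabled() {
    [ -r "$1" ] || return 2
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so([[:space:]]|$)' "$1"
}

# Prints the NoNewPrivs value (0 or 1) from a /proc/<pid>/status file ($1).
# Fails if the field is absent or the file is unreadable.
no_new_privs() {
    [ -r "$1" ] || return 2
    awk '$1 == "NoNewPrivs:" { print $2; found = 1 } END { exit !found }' "$1"
}

# Prints a one-line verdict for a PAM file ($1) and a status file ($2).
# With no_new_privs set, execve() ignores setuid bits, so su cannot gain
# privileges regardless of what /etc/pam.d/su says.
audit() {
    nnp=$(no_new_privs "$2") || nnp=unknown
    if pam_wheel_enabled "$1"; then wheel=yes; else wheel=no; fi
    case "$nnp" in
        1) verdict="ok: setuid binaries cannot raise privileges" ;;
        0) verdict="weak: no_new_privs is off, su relies on PAM alone" ;;
        *) verdict="unknown: NoNewPrivs not readable" ;;
    esac
    echo "no_new_privs=$nnp pam_wheel=$wheel $verdict"
}

# Constructed sample inputs so the script runs anywhere.
demo_dir=$(mktemp -d)
printf 'auth sufficient pam_rootok.so\nauth required pam_wheel.so use_uid\n' > "$demo_dir/su"
printf 'Name:\tsh\nNoNewPrivs:\t0\n' > "$demo_dir/status_default"
printf 'Name:\tsh\nNoNewPrivs:\t1\n' > "$demo_dir/status_nnp"

audit "$demo_dir/su" "$demo_dir/status_default"
audit "$demo_dir/su" "$demo_dir/status_nnp"
rm -rf "$demo_dir"
# Inside a real container: audit /etc/pam.d/su /proc/self/status
```

A container started with `--security-opt=no-new-privileges` (or a pod with `allowPrivilegeEscalation: false`) should report `no_new_privs=1` when audited against `/proc/self/status`.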