[
https://issues.apache.org/jira/browse/MESOS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13137998#comment-13137998
]
Matei Zaharia commented on MESOS-52:
------------------------------------
Would it be OK to just submit these frameworks as root, or do you want to
submit them as a normal user? I think that if you turn switch_user on but
submit as root, things work fine.
> allow toggling switch_user on a per-framework basis
> ---------------------------------------------------
>
> Key: MESOS-52
> URL: https://issues.apache.org/jira/browse/MESOS-52
> Project: Mesos
> Issue Type: Improvement
> Reporter: brian wickman
> Priority: Minor
>
> It would be handy if you could effectively enforce switch_user on a
> per-framework basis rather on a per-slave basis.
> For example, I can imagine running an entire cluster of slaves as root, which
> by default runs executors as the users via switch_user, but then a class of
> trusted frameworks privileged to run as root (e.g. operations frameworks, or
> ones that require LVM mounts and such, and to whom we'd delegate the
> responsibility of setuiding.)
> You could have the master manage a set of secrets, and the frameworks would
> connect to the master using a PKI protocol. You could even go a step further
> and encrypt framework messages for those privileged frameworks.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
