[
https://issues.apache.org/jira/browse/MESOS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13138127#comment-13138127
]
Matei Zaharia commented on MESOS-52:
------------------------------------
Is the concern that some users will accidentally submit their framework as
root? In that case it does seem that a separate permissions system through a
PKI is needed. Otherwise, I was just saying that if root submits the "run as
root" frameworks and switch_user is on, those frameworks will still run as root
(as far as I know).
> allow toggling switch_user on a per-framework basis
> ---------------------------------------------------
>
> Key: MESOS-52
> URL: https://issues.apache.org/jira/browse/MESOS-52
> Project: Mesos
> Issue Type: Improvement
> Reporter: brian wickman
> Priority: Minor
>
> It would be handy if you could effectively enforce switch_user on a
> per-framework basis rather on a per-slave basis.
> For example, I can imagine running an entire cluster of slaves as root, which
> by default runs executors as the users via switch_user, but then a class of
> trusted frameworks privileged to run as root (e.g. operations frameworks, or
> ones that require LVM mounts and such, and to whom we'd delegate the
> responsibility of setuiding.)
> You could have the master manage a set of secrets, and the frameworks would
> connect to the master using a PKI protocol. You could even go a step further
> and encrypt framework messages for those privileged frameworks.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
