Github user vanzin commented on a diff in the pull request:
https://github.com/apache/spark/pull/23017#discussion_r233549712
--- Diff:
resource-managers/kubernetes/docker/src/main/dockerfiles/spark/entrypoint.sh ---
@@ -30,6 +30,10 @@ set -e
# If there is no passwd entry for the container UID, attempt to create one
if [ -z "$uidentry" ] ; then
if [ -w /etc/passwd ] ; then
+ # TODO Should we allow providing an environment variable to set
the desired username?
--- End diff --
Actually my previous analysis is not completely correct. The entrypoint is
indeed running as user 185. But:
```
bash-4.4$ ls -l /etc/passwd
-rw-rw-r-- 1 root root 1272 Nov 14 17:40 /etc/passwd
```
And:
```
bash-4.4$ id -u
185
bash-4.4$ id -g
0
```
So the group is still `root`, and user 185 can actually do a lot of things
that only root should.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
