[
https://issues.apache.org/jira/browse/SLIDER-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Manoj Samel updated SLIDER-1114:
--------------------------------
Description:
Environment is slider .80 on Hadoop 2.6 secured cluster
A component is launched for each distinct user of the service (via upgrade).
E.g. when user A accesses service, do a "upgrade" and create a component for
user A. When user B comes, create another component for user B etc.
At present, all of these components are launched & run as single linux user -
this is the user who launches slider AM.
Security needs may demand that each component be run as its own linux user.
This ask is similar to how secured Hadoop cluster launches MR jobs for user
using user's login
Expected ask is as follows ...
Launch slider AM as user "admin"
Run component for user A as user A's uid and gid
Run component for user B as user B's uid and gid
It seems this was thought about and then commented out in some version
In version .80; resource_management/core/resources/system.py, I noticed that
class Execute can take a parameter "user". Its not clear if and how this could
be used. In core/shell.py, the logic around "user" is commented out with
comment " Do not su to the supplied user"
was:
Environment is slider .80 on Hadoop 2.6 secured cluster
A component is launched for each distinct user of the service (via upgrade).
E.g. when user A accesses service, do a "upgrade" and create a component for
user A. When user B comes, create another component for user B etc.
At present, all of these components are launched & run as single linux user -
this is the user who launches slider AM.
Security needs may demand that each component be run as its own linux user.
This ask is similar to how secured Hadoop cluster launches MR jobs for user
using user's login
Expected ask is as follows ...
Launch slider AM as user "admin"
Launch component for user A as user A's login
Launch component for user B as user B's login
It seems this was thought about and then commented out in some version
In version .80; resource_management/core/resources/system.py, I noticed that
class Execute can take a parameter "user". Its not clear if and how this could
be used. In core/shell.py, the logic around "user" is commented out with
comment " Do not su to the supplied user"
> Provide option to launch components as different user(s)
> --------------------------------------------------------
>
> Key: SLIDER-1114
> URL: https://issues.apache.org/jira/browse/SLIDER-1114
> Project: Slider
> Issue Type: New Feature
> Affects Versions: Slider 0.80
> Reporter: Manoj Samel
>
> Environment is slider .80 on Hadoop 2.6 secured cluster
> A component is launched for each distinct user of the service (via upgrade).
> E.g. when user A accesses service, do a "upgrade" and create a component for
> user A. When user B comes, create another component for user B etc.
> At present, all of these components are launched & run as single linux user -
> this is the user who launches slider AM.
> Security needs may demand that each component be run as its own linux user.
> This ask is similar to how secured Hadoop cluster launches MR jobs for user
> using user's login
> Expected ask is as follows ...
> Launch slider AM as user "admin"
> Run component for user A as user A's uid and gid
> Run component for user B as user B's uid and gid
> It seems this was thought about and then commented out in some version
> In version .80; resource_management/core/resources/system.py, I noticed that
> class Execute can take a parameter "user". Its not clear if and how this
> could be used. In core/shell.py, the logic around "user" is commented out
> with comment " Do not su to the supplied user"
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
