I'm able to use the UGI.doAs(..) to launch a yarn app and, through the ResourceManager, both the ApplicationMaster and Containers are associated with the correct user. But the process on the node itself really runs as the yarn user. The problem is that the yarn app writes data to DFS and its being written as yarn, since that's what the real process is. This is an non-secure cluster. I've yet to stumble upon a solution that doesn't feel icky. What's the right way to achieve this?
Thanks, --tim
