Hi Tomasz!
It is tricky to set up, but there are no implications to security if you
configure it correctly. Please read the discussion on [YARN-2424] LCE should
support non-cgroups, non-secure mode - ASF JIRA
HTH
Ravi
| |
| | | | | |
| [YARN-2424] LCE should support non-cgroups, non-secure mode - ASF JIRAAfter
YARN-1253, LCE no longer works for non-secure, non-cgroup scenarios. |
| |
| View on issues.apache.org | Preview by Yahoo |
| |
| |
On Thursday, June 25, 2015 2:30 AM, Tomasz Fruboes
<[email protected]> wrote:
Dear Experts,
I'm running a small YARN cluster configured to use simple security,
LinuxContainerExecutor and
yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users=false
in order to get correct uid when executing jobs. This is needed to
access files from network exported filesystem.
I was wondering - does this posses any security risk (since
nonsecure-mode.limit is set to true by default in the simple security
mode)? I.e. is there a known way for a user to get uid of different user
with such configuration?
Cheers,
Tomasz
