Guess I don't understand then. Let me give some tests I ran for
understanding ACL, but I am not clear which unix user this is. Assume I have
two nodes.
Node1 - runs Mesos-master and marathon
Node2 - runs mesos-slave
Both the above nodes have users named devel and root.
Test1: I started the mesos-master with the following acl.json
"run_tasks": [
  {
    "principals": {
      "values": [
        "marathon"
      ]
    },
    "users": {
      "values": [
        "root",
        "devel"
      ]
    }
  },
  {
    "principals": {
      "values": [
        "marathon"
      ]
    },
    "users": {
      "type": "NONE"
    }
  }
]
I was able to launch the tasks from the marathon. Now I modified the
acl.json as follows and relaunched the mesos-master. In this I wanted to
make the task fail and see the error.
"principals": {
  "values": [
    "marathon"
  ]
},
"users": {
  "values": [
    "user1"
  ]
}
Even now I am able to launch the tasks from the marathon instance. So, can
you please tell me which node's unix user the values under the "users" tag
refer to? Am I doing anything wrong in the way I am using run_tasks?
Thanks,
./Siva
On Thu, Mar 5, 2015 at 11:35 PM, Vinod Kone <[email protected]> wrote:
> I'm not very familiar with Marathon, but the 'user' in the 'run_tasks' ACL
> is the unix user that the executor/run process runs as. This user is set by
> frameworks by setting 'CommandInfo.user'.
>
> On Thu, Mar 5, 2015 at 9:06 AM, Sivaram Kannan <[email protected]>
> wrote:
>
>>
>> Hi,
>>
>> The user that is defined as part of Mesos's Authorization ACL, which user
>> is it? Taking marathon framework as example, the users defined as part of
>> run_tasks principal, is it the user that is used to run marathon executable
>> or the unix user available in the mesos-slave's?
>>
>> Documentation in
>> http://mesos.apache.org/documentation/latest/authorization/ does not
>> seem to be clear on that. Can someone clarify?
>>
>> Thanks,
>> ./Siva.
>>
>>
>
--
ever tried. ever failed. no matter.
try again. fail again. fail better.
-- Samuel Beckett
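
Added example, not part of the original messages and not Mesos's own code: a simplified Python model of how the run_tasks entries quoted in this thread are evaluated for one principal and one unix user. It assumes the rules in the linked authorization documentation (entries are checked in order, the first matching entry decides, and the `permissive` field, true by default, decides when nothing matches); the function names, the two TEST2 variants, and the assumption that the second acl.json held only the entry shown are assumptions of this example.

```python
# Simplified model of Mesos run_tasks ACL evaluation (added example, not Mesos code).
# Assumes the documented rules: entries are checked in order, the first matching
# entry decides, and if nothing matches the "permissive" field (default true) decides.

def entity_matches(entity, value):
    """An entry's entity matches on type ANY/NONE, or when it lists the value."""
    if entity.get("type") in ("ANY", "NONE"):
        return True
    return value in entity.get("values", [])

def entity_allows(entity, value):
    """ANY allows everything, NONE allows nothing, a value list allows its members."""
    if entity.get("type") == "ANY":
        return True
    if entity.get("type") == "NONE":
        return False
    return value in entity.get("values", [])

def authorize_run_task(acls, principal, user):
    """Return (allowed, deciding_rule) for `principal` launching a task as unix `user`."""
    for index, entry in enumerate(acls.get("run_tasks", [])):
        if entity_matches(entry["principals"], principal) and entity_matches(entry["users"], user):
            allowed = entity_allows(entry["principals"], principal) and entity_allows(entry["users"], user)
            return allowed, f"run_tasks[{index}]"
    # No entry matched: fall back to the top-level permissive flag.
    return acls.get("permissive", True), "permissive"

MARATHON = {"values": ["marathon"]}
# Test1 from the message: allow root/devel, then deny every other user.
TEST1 = {"run_tasks": [
    {"principals": MARATHON, "users": {"values": ["root", "devel"]}},
    {"principals": MARATHON, "users": {"type": "NONE"}},
]}
# Second test, assuming acl.json held only the single entry shown.
TEST2 = {"run_tasks": [{"principals": MARATHON, "users": {"values": ["user1"]}}]}
# Constructed variants that close the fallback for users not listed.
TEST2_STRICT = dict(TEST2, permissive=False)
TEST2_CATCH_ALL = {"run_tasks": TEST2["run_tasks"] + [
    {"principals": {"type": "ANY"}, "users": {"type": "NONE"}}]}

if __name__ == "__main__":
    for name, acls in [("TEST1", TEST1), ("TEST2", TEST2),
                       ("TEST2_STRICT", TEST2_STRICT), ("TEST2_CATCH_ALL", TEST2_CATCH_ALL)]:
        for user in ("root", "user1"):
            print(name, user, authorize_run_task(acls, "marathon", user))
```

Under these assumptions, an entry that lists only "user1" does not match a task launched as root, so the decision falls through to the permissive default; a trailing NONE entry or `"permissive": false` is what turns that into a denial.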