Eric Yang created YARN-3252:
-------------------------------
Summary: YARN LinuxContainerExecutor runs as nobody in Simple
Security mode for all applications
Key: YARN-3252
URL: https://issues.apache.org/jira/browse/YARN-3252
Project: Hadoop YARN
Issue Type: Bug
Affects Versions: 2.5.2, 2.5.1, 2.6.0, 2.4.0, 2.3.0
Environment: Linux
Reporter: Eric Yang
Priority: Critical
When using YARN + Slider + LinuxContainerExecutor, all slider application are
running as nobody. This is because the modification in YARN-1253 to restrict
all containers to run as a single user. This becomes a exploite to any
application that runs inside YARN + Slider + LCE. The original behavior is
more correct. The original statement indicated that users can impersonate any
other users. This supposed to be only valid for proxy users, who can proxy as
other users. It is designed as intended that the service user needs to be
trusted by the framework to impersonate end users.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
