[
https://issues.apache.org/jira/browse/YARN-5765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15656333#comment-15656333
]
Naganarasimha G R commented on YARN-5765:
-----------------------------------------
@Thanks [~haibochen] & [[email protected]] for some insightful
comments
There are 2 other places apart from launch_container_as_user where in mkdirs
are getting used.
{code}
main
RUN_AS_USER_INITIALIZE_CONTAINER
mount_cgroup
mkdirs
create_validate_dir
MOUNT_CGROUPS
initialize_app
mkdirs
create_validate_dir
{code}
IIUC only setting umask before change_effective_user would not be ideal as it
would be required in other places too.
What i want to understand is what impact would it have if we do it always ? As
we never run the container-executor.c binary with root user refer (set_user ->
check_user) and would it be sufficient to reset the umask after mkdir ?
bq. This means that by removing chmod this change does not apply to cases
anymore, when the default ACL is too restrictive. Could this be an issue, or do
we rely on the admin to set the default ACL correctly?
Good query ... something to be thought about ! not sure we will be able to
handle it. One more question is if we reset the umask after mkdir then will the
container logs created will be accessible to the NM because of restrictive
rights ? would be ideal to set default ACL for the folders created and reset
the umask so that files created by the user under these directories have the
rightful permissions?
> LinuxContainerExecutor creates appcache and its subdirectories with wrong
> group owner.
> --------------------------------------------------------------------------------------
>
> Key: YARN-5765
> URL: https://issues.apache.org/jira/browse/YARN-5765
> Project: Hadoop YARN
> Issue Type: Bug
> Affects Versions: 2.8.0, 3.0.0-alpha1
> Reporter: Haibo Chen
> Assignee: Naganarasimha G R
> Priority: Blocker
> Attachments: YARN-5765.001.patch
>
>
> LinuxContainerExecutor creates usercache/\{userId\}/appcache/\{appId\} with
> wrong group owner, causing Log aggregation and ShuffleHandler to fail because
> node manager process does not have permission to read the files under the
> directory.
> This can be easily reproduced by enabling LCE and submitting a MR example job
> as a user that does not belong to the same group that NM process belongs to.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
