[
https://issues.apache.org/jira/browse/YARN-7540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16314423#comment-16314423
]
Eric Yang commented on YARN-7540:
---------------------------------
Hadoop officially supports two distinct security modes, SIMPLE and Kerberos.
Simple mode was designed to run everything in the same user space for single
user mode. Kerberos supports multi-user mode using in combination with Linux
task controller to provide security. However, Linux task controller with
SIMPLE security creates a third combination which should not be support because
this combination has a privilege escalation security hole that it allows any
user to impersonate as any other user without any verification of end user
credential. The implementation of YARN-7540 and YARN-7605 blocked the third
mode from working because REST API without authentication fallback to
{{hadoop.http.staticuser.user}} setting to look for deployment artifacts. This
is the reason that Gour is seeing dr.who when YARN-7605 is applied. If down
stream project depends on the third mode, then I recommend to evaluate the
usage of down stream project to prevent opening up more security holes.
Security problem is not going to be solved by reverting this patch, quite the
opposite that you allow security hole to remain in the system, and potentially
assisted to open up more security holes in downstream projects. This is the
reason that I take no part in reverting this patch. Feel free to commit again
once you verified YARN-7605 matches your expectation.
> Convert yarn app cli to call yarn api services
> ----------------------------------------------
>
> Key: YARN-7540
> URL: https://issues.apache.org/jira/browse/YARN-7540
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Eric Yang
> Assignee: Eric Yang
> Fix For: yarn-native-services
>
> Attachments: YARN-7540.001.patch, YARN-7540.002.patch,
> YARN-7540.003.patch, YARN-7540.004.patch, YARN-7540.005.patch,
> YARN-7540.006.patch
>
>
> For YARN docker application to launch through CLI, it works differently from
> launching through REST API. All application launched through REST API is
> currently stored in yarn user HDFS home directory. Application managed
> through CLI are stored into individual user's HDFS home directory. For
> consistency, we want to have yarn app cli to interact with API service to
> manage applications. For performance reason, it is easier to implement list
> all applications from one user's home directory instead of crawling all
> user's home directories. For security reason, it is safer to access only one
> user home directory instead of all users. Given the reasons above, the
> proposal is to change how {{yarn app -launch}}, {{yarn app -list}} and {{yarn
> app -destroy}} work. Instead of calling HDFS API and RM API to launch
> containers, CLI will be converted to call API service REST API resides in RM.
> RM perform the persist and operations to launch the actual application.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
