[ 
https://issues.apache.org/jira/browse/YARN-8520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16568764#comment-16568764
 ] 

Eric Yang commented on YARN-8520:
---------------------------------

Thank you for the review [~shaneku...@gmail.com].  In patch 2, I created an 
anchor to link from Docker Images Requirements to User Management in Docker 
Container.  I also improved the introduction paragraph to include other 
possible options for user/group lookup.  SSSD is chosen for the step-by-step 
example because it is the popular option on modern Linux distros.  The third 
point is simplified for new users to be aware of the importance of uid/gid 
uniformity.  I did not mention the Cgroups and Security section because multiple 
YARN users writing to host cgroup to require YARN user's uid/gid uniformity.  
This problem happens in the docker-in-docker use case, which is uncommon.  Hence, 
the instruction is simplified for readability.

> Document best practice for user management
> ------------------------------------------
>
>                 Key: YARN-8520
>                 URL: https://issues.apache.org/jira/browse/YARN-8520
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: documentation, yarn
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Major
>              Labels: Docker
>         Attachments: YARN-8520.001.patch, YARN-8520.002.patch
>
>
> Docker containers must have usernames and groups consistent with the host 
> operating system when external mount points are exposed to the docker 
> container.  This prevents malicious or unauthorized impersonation from 
> occurring.  This task is to document the best practice to ensure user and 
> group membership are consistent across docker containers.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
