[jira] [Commented] (YARN-1253) Changes to LinuxContainerExecutor to use cgroups in unsecure mode

Mon, 30 Sep 2013 10:44:10 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782038#comment-13782038
 ] 

Alejandro Abdelnur commented on YARN-1253:
------------------------------------------

When using {{LinuxContainerExecutor.java}} in unsecure mode, we should have a 
{{yarn.nodemanager.linux-container-executor.unsecure-mode.local-user}} (with 
{{yarnuser}} as default) property that defines the local user LCE should use to 
start containers when used in unsecure mode.

The {{container-executor.c}} should received and extra parameter with the 
runAsUser, differentiating it from the user (which is used to create the 
usercache/$USER/ directory. (the {{container-executor.c}} code already is 
already prepared to handle this differentiation, the changes are minimal, just 
passing the extra parameter and wiring it in the right places.

The {{yarnuser}} should be provisioned as system user in the nodes and added to 
the whitelisted system users in the {{container-executor.cfg}} configuration, 
YARN-1137.

> Changes to LinuxContainerExecutor to use cgroups in unsecure mode
> -----------------------------------------------------------------
>
>                 Key: YARN-1253
>                 URL: https://issues.apache.org/jira/browse/YARN-1253
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.1.0-beta
>            Reporter: Alejandro Abdelnur
>            Assignee: Roman Shaposhnik
>            Priority: Blocker
>             Fix For: 2.1.1-beta
>
>
> When using cgroups we require LCE to be configured in the cluster to start 
> containers. 
> When LCE starts containers as the user that submitted the job. While this 
> works correctly in a secure setup, in an un-secure setup this presents a 
> couple issues:
> * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
> * Because users can impersonate other users, any user would have access to 
> any local file of other users
> Particularly, the second issue is not desirable as a user could get access to 
> ssh keys of other users in the nodes or if there are NFS mounts, get to other 
> users data outside of the cluster.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to