[ https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782435#comment-13782435 ]
Alejandro Abdelnur commented on YARN-1253:
------------------------------------------
LCE works in a non-secure setup, but it has 2 issues as stated in the
description of the JIRA:
----
* LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
* Because users can impersonate other users, any user would have access to any
local file of other users
Particularly, the second issue is not desirable as a user could get access to
ssh keys of other users in the nodes or, if there are NFS mounts, get to other
users' data outside of the cluster.
----
It could be argued that the first one could be a requirement (though, doing an
analogy, it is not for HDFS permissions in unsecure mode).
The second issue is the, IMO, severe one. Especially for the scenarios
mentioned in the follow-up paragraph "Particularly, ...."
> Changes to LinuxContainerExecutor to use cgroups in unsecure mode
> -----------------------------------------------------------------
>
> Key: YARN-1253
> URL: https://issues.apache.org/jira/browse/YARN-1253
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager
> Affects Versions: 2.1.0-beta
> Reporter: Alejandro Abdelnur
> Assignee: Roman Shaposhnik
> Priority: Blocker
>
> When using cgroups we require LCE to be configured in the cluster to start
> containers.
> LCE starts containers as the user that submitted the job. While this
> works correctly in a secure setup, in an un-secure setup this presents a
> couple issues:
> * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
> * Because users can impersonate other users, any user would have access to
> any local file of other users
> Particularly, the second issue is not desirable as a user could get access to
> ssh keys of other users in the nodes or, if there are NFS mounts, get to other
> users' data outside of the cluster.
--
This message was sent by Atlassian JIRA
(v6.1#6144)