[ https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782572#comment-13782572 ]
Vinod Kumar Vavilapalli commented on YARN-1253:
-----------------------------------------------
Agree with [~acmurthy], LCE + unsecure mode can already be used to do cgroup.
If there are bugs, we should fix them.

bq. LCE requires all Hadoop users submitting jobs to be Unix users in all nodes

Yes, this has always been a requirement. I think there is some effort going on
in the Windows world of Hadoop to change this, you should look at it.

bq. Because users can impersonate other users, any user would have access to any local file of other users

Even if the jobs run as a single 'yarnuser', security still isn't there - like
Arun said, anybody can bomb HDFS directories of other users, any user can kill
any other user's tasks/containers, anyone can delete anyone else's local
dirs, log-dir and so on. We could argue which is worse - stealing users'
passwords or deleting other users' data on DFS - it depends on who you ask. If
you want security, you should enable security.

> Changes to LinuxContainerExecutor to use cgroups in unsecure mode
> -----------------------------------------------------------------
>
> Key: YARN-1253
> URL: https://issues.apache.org/jira/browse/YARN-1253
> Project: Hadoop YARN
> Issue Type: New Feature
> Components: nodemanager
> Affects Versions: 2.1.0-beta
> Reporter: Alejandro Abdelnur
> Assignee: Roman Shaposhnik
> Priority: Blocker
>
> When using cgroups we require LCE to be configured in the cluster to start
> containers.
> LCE starts containers as the user that submitted the job. While this
> works correctly in a secure setup, in an un-secure setup this presents a
> couple of issues:
> * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
> * Because users can impersonate other users, any user would have access to
> any local file of other users
> Particularly, the second issue is not desirable as a user could get access to
> ssh keys of other users in the nodes or, if there are NFS mounts, get to other
> users' data outside of the cluster.