[
https://issues.apache.org/jira/browse/YARN-9442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16809950#comment-16809950
]
Jim Brennan edited comment on YARN-9442 at 4/4/19 3:23 PM:
-----------------------------------------------------------
Specifically, we have something like this now:
{noformat}
Nodemanager: user: mapred group: hadoop
User: jbrennan02 group: users
drwxr-s--- 4 jbrennan02 hadoop 4096 Apr 3 18:28 usercache/jbrennan
drwxr-s--- 3 jbrennan02 hadoop 4096 Apr 4 14:17 usercache/jbrennan/appcache
drwxr-s--- 6 jbrennan02 hadoop 4096 Apr 4 14:17
usercache/jbrennan/appcache/application_1554316092589_0002
drwxr-s--- 4 jbrennan02 hadoop 4096 Apr 4 14:17
usercache/jbrennan/appcache/application_1554316092589_0002/container_1554316092589_0002_01_000001
{noformat}
And the suggestion is to change this to:
{noformat}
drwxr-s--- 4 jbrennan02 hadoop 4096 Apr 3 18:28 usercache/jbrennan
drwxr-s--- 3 jbrennan02 hadoop 4096 Apr 4 14:17 usercache/jbrennan/appcache
drwxr-s--- 6 jbrennan02 hadoop 4096 Apr 4 14:17
usercache/jbrennan/appcache/application_1554316092589_0002
drwx--s--- 4 jbrennan02 hadoop 4096 Apr 4 14:17
usercache/jbrennan/appcache/application_1554316092589_0002/container_1554316092589_0002_01_000001
{noformat}
The change is fairly simple, but it's hard to be sure if there are unforeseen
consequences because it has been this way for a long time. Please let me know
if you have any concerns about this change.
Are there any examples where the node manager group needs read permissions for
the container working directories?
cc: [~jeagles]
was (Author: jim_brennan):
Specifically, we have something like this now:
{noformat}
drwxr-s--- 4 jbrennan02 users 4096 Apr 3 18:28 usercache/jbrennan
drwxr-s--- 3 jbrennan02 users 4096 Apr 4 14:17 usercache/jbrennan/appcache
drwxr-s--- 6 jbrennan02 users 4096 Apr 4 14:17
usercache/jbrennan/appcache/application_1554316092589_0002
drwxr-s--- 4 jbrennan02 users 4096 Apr 4 14:17
usercache/jbrennan/appcache/application_1554316092589_0002/container_1554316092589_0002_01_000001
{noformat}
And the suggestion is to change this to:
{noformat}
drwxr-s--- 4 jbrennan02 users 4096 Apr 3 18:28 usercache/jbrennan
drwxr-s--- 3 jbrennan02 users 4096 Apr 4 14:17 usercache/jbrennan/appcache
drwxr-s--- 6 jbrennan02 users 4096 Apr 4 14:17
usercache/jbrennan/appcache/application_1554316092589_0002
drwx--s--- 4 jbrennan02 users 4096 Apr 4 14:17
usercache/jbrennan/appcache/application_1554316092589_0002/container_1554316092589_0002_01_000001
{noformat}
The change is fairly simple, but it's hard to be sure if there are unforeseen
consequences because it has been this way for a long time. Please let me know
if you have any concerns about this change.
Are there any examples where the node manager group needs read permissions for
the container working directories?
cc: [~jeagles]
> container working directory has group read permissions
> ------------------------------------------------------
>
> Key: YARN-9442
> URL: https://issues.apache.org/jira/browse/YARN-9442
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: yarn
> Affects Versions: 3.2.2
> Reporter: Jim Brennan
> Assignee: Jim Brennan
> Priority: Minor
>
> Container working directories are currently created with permissions 0750,
> owned by the user and with the group set to the node manager group.
> Is there any reason why these directories need group read permissions?
> I have been testing with group read permissions removed and so far I haven't
> encountered any problems.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
