Ravi Prakash commented on YARN-2424:

Thanks Tucu for pointing out the security implications of allowing 
un-authenticated users to run tasks as themselves (or impersonate others) on 
nodes. I agree that is not something we should turn on by default. That is why 
I think the default value for DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS to be true 
is necessary. However, there is a use case as pointed out by Allen (as a 
stepping stone towards turning on Kerberos) that we at Altiscale and presumably 
others also have (e.g. Jay's last comment on YARN-1253). 
Thanks for this patch Allen! I'll take a look at it.

> LCE should support non-cgroups, non-secure mode
> -----------------------------------------------
>                 Key: YARN-2424
>                 URL: https://issues.apache.org/jira/browse/YARN-2424
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.3.0, 2.4.0, 2.5.0, 2.4.1
>            Reporter: Allen Wittenauer
>            Priority: Blocker
>              Labels: regression
>         Attachments: YARN-2424.patch
> After YARN-1253, LCE no longer works for non-secure, non-cgroup scenarios.  
> This is a fairly serious regression, as turning on LCE prior to turning on 
> full-blown security is a fairly standard procedure.

This message was sent by Atlassian JIRA

Reply via email to