[
https://issues.apache.org/jira/browse/YARN-2424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14101509#comment-14101509
]
Ravi Prakash commented on YARN-2424:
------------------------------------
Thanks Tucu for pointing out the security implications of allowing
un-authenticated users to run tasks as themselves (or impersonate others) on
nodes. I agree that is not something we should turn on by default. That is why
I think the default value for DEFAULT_NM_NONSECURE_MODE_LIMIT_USERS to be true
is necessary. However, there is a use case as pointed out by Allen (as a
stepping stone towards turning on Kerberos) that we at Altiscale and presumably
others also have (e.g. Jay's last comment on YARN-1253).
Thanks for this patch Allen! I'll take a look at it.
> LCE should support non-cgroups, non-secure mode
> -----------------------------------------------
>
> Key: YARN-2424
> URL: https://issues.apache.org/jira/browse/YARN-2424
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager
> Affects Versions: 2.3.0, 2.4.0, 2.5.0, 2.4.1
> Reporter: Allen Wittenauer
> Priority: Blocker
> Labels: regression
> Attachments: YARN-2424.patch
>
>
> After YARN-1253, LCE no longer works for non-secure, non-cgroup scenarios.
> This is a fairly serious regression, as turning on LCE prior to turning on
> full-blown security is a fairly standard procedure.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
