[
https://issues.apache.org/jira/browse/YARN-2458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remus Rusanu updated YARN-2458:
-------------------------------
Attachment: YARN-2458.2.patch
A complete implementation that delegates critical file handling (mkdirs) to the
privileged service.
> Add file handling features to the Windows Secure Container Executor LRPC
> service
> --------------------------------------------------------------------------------
>
> Key: YARN-2458
> URL: https://issues.apache.org/jira/browse/YARN-2458
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: nodemanager
> Reporter: Remus Rusanu
> Assignee: Remus Rusanu
> Labels: security, windows
> Attachments: YARN-2458.1.patch, YARN-2458.2.patch
>
>
> In the WSCE design the nodemanager needs to do certain privileged operations
> like change file ownership to arbitrary users or delete files owned by the
> task container user after completion of the task. As we want to remove the
> Administrator privilege requirement from the nodemanager service, we have to
> move these operations into the privileged LRPC helper service.
> Extend the RPC interface to contain methods for change file ownership and
> manipulate files, add JNI client side and implement the server side. This
> will piggyback on the existing LRPC service so is not much infrastructure to
> add (run as service, RPC init, authentictaion and authorization are already
> solved). It just needs to be implemented.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
