Remus Rusanu created YARN-2551:

             Summary: Windows Secure Cotnainer Executor: Add checks to validate 
that the wsce-site.xml is write restricted to Administrators only
                 Key: YARN-2551
             Project: Hadoop YARN
          Issue Type: Sub-task
          Components: nodemanager
            Reporter: Remus Rusanu
            Assignee: Remus Rusanu

The wsce-site.xml containes the impersonate.allowed and impersonate.denied keys 
that restrict/control the users that can be impersonated by the WSCE 
containers. The impersonation frameworks in winutils should validate that only 
Administrators have write control on this file. 

This is similar to how LCE is validating that only root has write permissions 
on container-executor.cfg file on secure Linux clusters.

This message was sent by Atlassian JIRA

Reply via email to