Eric Yang commented on YARN-3252:

Thank you Allen.  By using the fix in YARN-2424, it is possible to run 
application as submitted user.  Proxy user concept could be an enhancement to 
ensure only a small set of users have privileges to run core services.  Such as 
Spark on YARN or HBase on YARN, those users are supposely trusted services.  
Some proxy user rules in YARN can help to reduce the security risk that 
YARN-1253 was originally concerned about.

> YARN LinuxContainerExecutor runs as nobody in Simple Security mode for all 
> applications
> ---------------------------------------------------------------------------------------
>                 Key: YARN-3252
>                 URL: https://issues.apache.org/jira/browse/YARN-3252
>             Project: Hadoop YARN
>          Issue Type: Bug
>    Affects Versions: 2.3.0, 2.4.0, 2.6.0, 2.5.1, 2.5.2
>         Environment: Linux
>            Reporter: Eric Yang
>            Priority: Critical
> When using YARN + Slider + LinuxContainerExecutor, all slider application are 
> running as nobody.  This is because the modification in YARN-1253 to restrict 
> all containers to run as a single user.  This becomes a exploite to any 
> application that runs inside YARN + Slider + LCE.  The original behavior is 
> more correct.  The original statement indicated that users can impersonate 
> any other users.  This supposed to be only valid for proxy users, who can 
> proxy as other users.  It is designed as intended that the service user needs 
> to be trusted by the framework to impersonate end users.

This message was sent by Atlassian JIRA

Reply via email to