[
https://issues.apache.org/jira/browse/YARN-4579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15095503#comment-15095503
]
Ray Chiang commented on YARN-4579:
----------------------------------
I don't have all the specifics, but I have one request where they're using a
third-party tool to pull data from the container logs. The tool can't run as
user 'yarn' and the hardcoded directory permissions of 710 is preventing this
tool/flow from working. I do agree it's a bit of a weird corner case, since
I'd assume this would only apply to customers that aren't as concerned about
security (at least with respect to logs).
As for design, it looks like each subclass of ContainerExecutor has its own
implementation (or inherited) of startLocalizer(). Are you thinking of
generalizing the directory location/permissions/other requirements into
LocalizerStartContext or did you have something else in mind?
> Allow container directory permissions to be configurable
> --------------------------------------------------------
>
> Key: YARN-4579
> URL: https://issues.apache.org/jira/browse/YARN-4579
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: yarn
> Affects Versions: 2.8.0
> Reporter: Ray Chiang
> Assignee: Ray Chiang
> Labels: supportability
> Attachments: YARN-4579.001.patch, YARN-4579.002.patch,
> YARN-4579.003.patch
>
>
> By default, container directory permissions are hardcoded to this member in
> DefaultContainerExecutor:
> static final short LOGDIR_PERM = (short)0710;
> There are some cases where less restrictive permissions are desired. Make
> this configurable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
