[
https://issues.apache.org/jira/browse/YARN-4579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15096771#comment-15096771
]
Ray Chiang commented on YARN-4579:
----------------------------------
I would think that since the container log directory is the only one generated
by YARN, so there could be useful information in there. The other directories
(file cache, app cache, user directory) would be files the user could already
have access to without even launching a job, so I would expect that permissions
there would be less likely to need loosening.
One follow up thought, based on Robert's feedback. Does it make sense to make
it a DefaultContainerExecutor property only? For security reasons, it might
make sense to give each ContainerExecutor subclass it's own property for
container log directory permissions.
If so, I can do this JIRA for DefaultContainerExecutor and do a follow up JIRA
to refactor ContainerExecutor and it's subclasses for the other properties.
I'd like a little more time to think on that.
> Allow container directory permissions to be configurable
> --------------------------------------------------------
>
> Key: YARN-4579
> URL: https://issues.apache.org/jira/browse/YARN-4579
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: yarn
> Affects Versions: 2.8.0
> Reporter: Ray Chiang
> Assignee: Ray Chiang
> Labels: supportability
> Attachments: YARN-4579.001.patch, YARN-4579.002.patch,
> YARN-4579.003.patch
>
>
> By default, container directory permissions are hardcoded to this member in
> DefaultContainerExecutor:
> static final short LOGDIR_PERM = (short)0710;
> There are some cases where less restrictive permissions are desired. Make
> this configurable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
