You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Sunil Govindan (JIRA)" <ji...@apache.org> on 2018/05/31 19:58:00 UTC
[jira] [Comment Edited] (YARN-8384) stdout, stderr logs of a Native
Service container is coming with group as nobody
[ https://issues.apache.org/jira/browse/YARN-8384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16497051#comment-16497051 ]
Sunil Govindan edited comment on YARN-8384 at 5/31/18 7:57 PM:
---------------------------------------------------------------
After YARN-7684, I can see below code snippet in container-executor.c
{code:java}
char *init_log_path(const char *container_log_dir, const char *logfile) {
..
..
if (change_owner(tmp_buffer, user_detail->pw_uid, user_detail->pw_gid) != 0) {
....
}
..
..
}
{code}
So ideally here the log file owner is changed to the incoming user and group. I am not very sure, but this seems like the pblm.
cc [~leftnoteasy] [~eyang]
was (Author: sunilg):
After YARN-7684, I can see below code snippet in container-executor.c
{code:java}
char *init_log_path(const char *container_log_dir, const char *logfile) {
..
..
if (change_owner(tmp_buffer, user_detail->pw_uid, user_detail->pw_gid) != 0) {
....
}
..
..
}
{code}
So ideally here the log file owner is change to the incoming user and group is also take from same. I am not very sure, but this seems like the pblm.
cc [~leftnoteasy] [~eyang]
> stdout, stderr logs of a Native Service container is coming with group as nobody
> --------------------------------------------------------------------------------
>
> Key: YARN-8384
> URL: https://issues.apache.org/jira/browse/YARN-8384
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn-native-services
> Reporter: Sunil Govindan
> Priority: Major
> Labels: docker
>
> When {{yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users}} is set to true, and {{yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user}} is set to nobody.
> This will cause the docker to run as nobody:nobody in yarn mode.
> The log files will be initialized as nobody:nobody:
> {noformat}
> rw-rr- 1 nobody hadoop 354 May 31 17:33 container-localizer-syslog
> rw-rr- 1 nobody hadoop 1042 May 31 17:35 directory.info
> rw-r---- 1 nobody hadoop 4944 May 31 17:35 launch_container.sh
> rw-rr- 1 nobody hadoop 440 May 31 17:35 prelaunch.err
> rw-rr- 1 nobody hadoop 100 May 31 17:35 prelaunch.out
> rw-r---- 1 nobody nobody 18733 May 31 17:37 stderr.txt
> rw-r---- 1 nobody nobody 400 May 31 17:35 stdout.txt
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org