You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-dev@hadoop.apache.org by "Remus Rusanu (JIRA)" <ji...@apache.org> on 2014/09/15 15:29:34 UTC

[jira] [Created] (YARN-2551) Windows Secure Cotnainer Executor: Add checks to validate that the wsce-site.xml is write restricted to Administrators only

Remus Rusanu created YARN-2551:
----------------------------------

             Summary: Windows Secure Cotnainer Executor: Add checks to validate that the wsce-site.xml is write restricted to Administrators only
                 Key: YARN-2551
                 URL: https://issues.apache.org/jira/browse/YARN-2551
             Project: Hadoop YARN
          Issue Type: Sub-task
          Components: nodemanager
            Reporter: Remus Rusanu
            Assignee: Remus Rusanu


The wsce-site.xml containes the impersonate.allowed and impersonate.denied keys that restrict/control the users that can be impersonated by the WSCE containers. The impersonation frameworks in winutils should validate that only Administrators have write control on this file. 

This is similar to how LCE is validating that only root has write permissions on container-executor.cfg file on secure Linux clusters.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)