You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-dev@hadoop.apache.org by "Remus Rusanu (JIRA)" <ji...@apache.org> on 2014/09/15 15:29:34 UTC
[jira] [Created] (YARN-2551) Windows Secure Cotnainer Executor: Add
checks to validate that the wsce-site.xml is write restricted to
Administrators only
Remus Rusanu created YARN-2551:
----------------------------------
Summary: Windows Secure Cotnainer Executor: Add checks to validate that the wsce-site.xml is write restricted to Administrators only
Key: YARN-2551
URL: https://issues.apache.org/jira/browse/YARN-2551
Project: Hadoop YARN
Issue Type: Sub-task
Components: nodemanager
Reporter: Remus Rusanu
Assignee: Remus Rusanu
The wsce-site.xml containes the impersonate.allowed and impersonate.denied keys that restrict/control the users that can be impersonated by the WSCE containers. The impersonation frameworks in winutils should validate that only Administrators have write control on this file.
This is similar to how LCE is validating that only root has write permissions on container-executor.cfg file on secure Linux clusters.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)