You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "DarinJ (JIRA)" <ji...@apache.org> on 2015/09/09 04:53:45 UTC
[jira] [Commented] (MESOS-1790) Add "chown" option to
CommandInfo.URI
[ https://issues.apache.org/jira/browse/MESOS-1790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14736044#comment-14736044 ]
DarinJ commented on MESOS-1790:
-------------------------------
Bernd,
The issue came up in myriad as a file container-executor is set g+s, this allows a node manager running as user "yarn" in the "yarn" group to execute a container as another user. The solution we came up with was to run the framework as root, set extract to false on the URIBuilder, and the run `tar -xzpf hadoop.tgz && sudo -u yarn bin/yarn nodemanager` (actually a bit messier but this is the idea). It works, the downside is it requires the framework to run as root. I expect this could be used in other frameworks where multiple users can launch tasks.
Darin
> Add "chown" option to CommandInfo.URI
> -------------------------------------
>
> Key: MESOS-1790
> URL: https://issues.apache.org/jira/browse/MESOS-1790
> Project: Mesos
> Issue Type: Improvement
> Reporter: Vinod Kone
> Assignee: Jim Klucar
> Labels: myriad, newbie
> Attachments: 0001-MESOS-1790-Adds-chown-option-to-CommandInfo.URI.patch
>
>
> Mesos fetcher always chown()s the extracted executor URIs as the executor user but sometimes this is not desirable, e.g., "setuid" bit gets lost during chown() if slave/fetcher is running as root.
> It would be nice to give frameworks the ability to skip the chown.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)