You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "DarinJ (JIRA)" <ji...@apache.org> on 2015/09/09 04:53:45 UTC

[jira] [Commented] (MESOS-1790) Add "chown" option to CommandInfo.URI

    [ https://issues.apache.org/jira/browse/MESOS-1790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14736044#comment-14736044 ] 

DarinJ commented on MESOS-1790:
-------------------------------

Bernd,

The issue came up in myriad as a file container-executor is set g+s, this allows a node manager running as user "yarn" in the "yarn" group to execute a container as another user.  The solution we came up with was to run the framework as root, set extract to false on the URIBuilder, and the run `tar -xzpf hadoop.tgz && sudo -u yarn bin/yarn nodemanager` (actually a bit messier but this is the idea).  It works, the downside is it requires the framework to run as root.  I expect this could be used in other frameworks where multiple users can launch tasks.

Darin

> Add "chown" option to CommandInfo.URI
> -------------------------------------
>
>                 Key: MESOS-1790
>                 URL: https://issues.apache.org/jira/browse/MESOS-1790
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Vinod Kone
>            Assignee: Jim Klucar
>              Labels: myriad, newbie
>         Attachments: 0001-MESOS-1790-Adds-chown-option-to-CommandInfo.URI.patch
>
>
> Mesos fetcher always chown()s the extracted executor URIs as the executor user but sometimes this is not desirable, e.g., "setuid" bit gets lost during chown() if slave/fetcher is running as root. 
> It would be nice to give frameworks the ability to skip the chown.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)