You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Jim Brennan (JIRA)" <ji...@apache.org> on 2019/04/04 15:08:00 UTC

[jira] [Commented] (YARN-9442) container working directory has group read permissions

    [ https://issues.apache.org/jira/browse/YARN-9442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16809950#comment-16809950 ] 

Jim Brennan commented on YARN-9442:
-----------------------------------

Specifically, we have something like this now:
{noformat}
drwxr-s--- 4 jbrennan02 users 4096 Apr  3 18:28 usercache/jbrennan
drwxr-s--- 3 jbrennan02 users 4096 Apr  4 14:17 usercache/jbrennan/appcache
drwxr-s--- 6 jbrennan02 users 4096 Apr  4 14:17 usercache/jbrennan/appcache/application_1554316092589_0002
drwxr-s--- 4 jbrennan02 users 4096 Apr  4 14:17 usercache/jbrennan/appcache/application_1554316092589_0002/container_1554316092589_0002_01_000001
{noformat}
And the suggestion is to change this to:
{noformat}
drwxr-s--- 4 jbrennan02 users 4096 Apr  3 18:28 usercache/jbrennan
drwxr-s--- 3 jbrennan02 users 4096 Apr  4 14:17 usercache/jbrennan/appcache
drwxr-s--- 6 jbrennan02 users 4096 Apr  4 14:17 usercache/jbrennan/appcache/application_1554316092589_0002
drwx--s--- 4 jbrennan02 users 4096 Apr  4 14:17 usercache/jbrennan/appcache/application_1554316092589_0002/container_1554316092589_0002_01_000001
{noformat}
The change is fairly simple, but it's hard to be sure if there are unforeseen consequences because it has been this way for a long time.   Please let me know if you have any concerns about this change.
Are there any examples where the node manager group needs read permissions for the container working directories?
cc: [~jeagles]

> container working directory has group read permissions
> ------------------------------------------------------
>
>                 Key: YARN-9442
>                 URL: https://issues.apache.org/jira/browse/YARN-9442
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: yarn
>    Affects Versions: 3.2.2
>            Reporter: Jim Brennan
>            Priority: Minor
>
> Container working directories are currently created with permissions 0750, owned by the user and with the group set to the node manager group.
> Is there any reason why these directories need group read permissions?
> I have been testing with group read permissions removed and so far I haven't encountered any problems.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org