You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Adam B (JIRA)" <ji...@apache.org> on 2014/11/07 13:00:42 UTC

[jira] [Commented] (MESOS-52) allow toggling switch_user on a per-framework basis

    [ https://issues.apache.org/jira/browse/MESOS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14201969#comment-14201969 ] 

Adam B commented on MESOS-52:
-----------------------------

Fixed by MESOS-911, see the 'run_tasks' ACL at http://mesos.apache.org/documentation/latest/authorization/

> allow toggling switch_user on a per-framework basis
> ---------------------------------------------------
>
>                 Key: MESOS-52
>                 URL: https://issues.apache.org/jira/browse/MESOS-52
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: brian wickman
>            Priority: Minor
>
> It would be handy if you could effectively enforce switch_user on a per-framework basis rather on a per-slave basis.
> For example, I can imagine running an entire cluster of slaves as root, which by default runs executors as the users via switch_user, but then a class of trusted frameworks privileged to run as root (e.g. operations frameworks, or ones that require LVM mounts and such, and to whom we'd delegate the responsibility of setuiding.)
> You could have the master manage a set of secrets, and the frameworks would connect to the master using a PKI protocol.  You could even go a step further and encrypt framework messages for those privileged frameworks.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)