You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mesos.apache.org by "brian wickman (Created) (JIRA)" <ji...@apache.org> on 2011/10/28 04:59:33 UTC

[jira] [Created] (MESOS-52) allow toggling switch_user on a per-framework basis

allow toggling switch_user on a per-framework basis
---------------------------------------------------

                 Key: MESOS-52
                 URL: https://issues.apache.org/jira/browse/MESOS-52
             Project: Mesos
          Issue Type: Improvement
            Reporter: brian wickman
            Priority: Minor


It would be handy if you could effectively enforce switch_user on a per-framework basis rather on a per-slave basis.

For example, I can imagine running an entire cluster of slaves as root, which by default runs executors as the users via switch_user, but then a class of trusted frameworks privileged to run as root (e.g. operations frameworks, or ones that require LVM mounts and such, and to whom we'd delegate the responsibility of setuiding.)

You could have the master manage a set of secrets, and the frameworks would connect to the master using a PKI protocol.  You could even go a step further and encrypt framework messages for those privileged frameworks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (MESOS-52) allow toggling switch_user on a per-framework basis

Posted by "Matei Zaharia (Commented) (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/MESOS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13138127#comment-13138127 ] 

Matei Zaharia commented on MESOS-52:
------------------------------------

Is the concern that some users will accidentally submit their framework as root? In that case it does seem that a separate permissions system through a PKI is needed. Otherwise, I was just saying that if root submits the "run as root" frameworks and switch_user is on, those frameworks will still run as root (as far as I know).
                
> allow toggling switch_user on a per-framework basis
> ---------------------------------------------------
>
>                 Key: MESOS-52
>                 URL: https://issues.apache.org/jira/browse/MESOS-52
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: brian wickman
>            Priority: Minor
>
> It would be handy if you could effectively enforce switch_user on a per-framework basis rather on a per-slave basis.
> For example, I can imagine running an entire cluster of slaves as root, which by default runs executors as the users via switch_user, but then a class of trusted frameworks privileged to run as root (e.g. operations frameworks, or ones that require LVM mounts and such, and to whom we'd delegate the responsibility of setuiding.)
> You could have the master manage a set of secrets, and the frameworks would connect to the master using a PKI protocol.  You could even go a step further and encrypt framework messages for those privileged frameworks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (MESOS-52) allow toggling switch_user on a per-framework basis

Posted by "Matei Zaharia (Commented) (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/MESOS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13137998#comment-13137998 ] 

Matei Zaharia commented on MESOS-52:
------------------------------------

Would it be OK to just submit these frameworks as root, or do you want to submit them as a normal user? I think that if you turn switch_user on but submit as root, things work fine.
                
> allow toggling switch_user on a per-framework basis
> ---------------------------------------------------
>
>                 Key: MESOS-52
>                 URL: https://issues.apache.org/jira/browse/MESOS-52
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: brian wickman
>            Priority: Minor
>
> It would be handy if you could effectively enforce switch_user on a per-framework basis rather on a per-slave basis.
> For example, I can imagine running an entire cluster of slaves as root, which by default runs executors as the users via switch_user, but then a class of trusted frameworks privileged to run as root (e.g. operations frameworks, or ones that require LVM mounts and such, and to whom we'd delegate the responsibility of setuiding.)
> You could have the master manage a set of secrets, and the frameworks would connect to the master using a PKI protocol.  You could even go a step further and encrypt framework messages for those privileged frameworks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (MESOS-52) allow toggling switch_user on a per-framework basis

Posted by "brian wickman (Commented) (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/MESOS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13138113#comment-13138113 ] 

brian wickman commented on MESOS-52:
------------------------------------

I'd like to set up a Mesos cluster where some frameworks run as root and others are permitted only to run as user accounts.  But they should be able to coexist on the same slaves.
                
> allow toggling switch_user on a per-framework basis
> ---------------------------------------------------
>
>                 Key: MESOS-52
>                 URL: https://issues.apache.org/jira/browse/MESOS-52
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: brian wickman
>            Priority: Minor
>
> It would be handy if you could effectively enforce switch_user on a per-framework basis rather on a per-slave basis.
> For example, I can imagine running an entire cluster of slaves as root, which by default runs executors as the users via switch_user, but then a class of trusted frameworks privileged to run as root (e.g. operations frameworks, or ones that require LVM mounts and such, and to whom we'd delegate the responsibility of setuiding.)
> You could have the master manage a set of secrets, and the frameworks would connect to the master using a PKI protocol.  You could even go a step further and encrypt framework messages for those privileged frameworks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira