You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-dev@hadoop.apache.org by "Remus Rusanu (JIRA)" <ji...@apache.org> on 2014/09/22 14:10:34 UTC
[jira] [Resolved] (YARN-2551) Windows Secure Cotnainer Executor:
Add checks to validate that the wsce-site.xml is write restricted to
Administrators only
[ https://issues.apache.org/jira/browse/YARN-2551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Remus Rusanu resolved YARN-2551.
--------------------------------
Resolution: Implemented
The patch will be contained in YARN-2198 patch 10 and forward
> Windows Secure Cotnainer Executor: Add checks to validate that the wsce-site.xml is write restricted to Administrators only
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: YARN-2551
> URL: https://issues.apache.org/jira/browse/YARN-2551
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: nodemanager
> Reporter: Remus Rusanu
> Assignee: Remus Rusanu
> Labels: security, windows, wsce
> Attachments: YARN-2551.1.patch
>
>
> The wsce-site.xml containes the impersonate.allowed and impersonate.denied keys that restrict/control the users that can be impersonated by the WSCE containers. The impersonation frameworks in winutils should validate that only Administrators have write control on this file.
> This is similar to how LCE is validating that only root has write permissions on container-executor.cfg file on secure Linux clusters.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)