You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@bigtop.apache.org by "Sean Mackrory (JIRA)" <ji...@apache.org> on 2014/01/07 23:45:50 UTC
[jira] [Updated] (BIGTOP-1050) Permissions on YARN LCE should be
4754
[ https://issues.apache.org/jira/browse/BIGTOP-1050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean Mackrory updated BIGTOP-1050:
----------------------------------
Attachment: 0001-BIGTOP-1050.-Permission-on-YARN-LCE-should-be-4750.patch
I just tried it out with 4750 and it worked well. Not having the 4 bit, as you point out, achieves no additional security, but at least it works :)
Thoughts?
> Permissions on YARN LCE should be 4754
> --------------------------------------
>
> Key: BIGTOP-1050
> URL: https://issues.apache.org/jira/browse/BIGTOP-1050
> Project: Bigtop
> Issue Type: Bug
> Reporter: Sean Mackrory
> Assignee: Sean Mackrory
> Priority: Blocker
> Fix For: 0.8.0
>
> Attachments: 0001-BIGTOP-1050.-Permission-on-YARN-LCE-should-be-4750.patch, 0001-BIGTOP-1050.-Permissions-on-YARN-LCE-should-be-4754.patch
>
>
> The permissions we set for the YARN container executor are not exactly correct and are different from what we used to set for the MRv1 task containers. The requirements for the permissions are as follows:
> * Readable/executable by the group
> * Not executable by others
> * Not writable by others
> * Set UID
> * Owned by root
> I've tested this in YARN and have tested that I can still submit and run jobs successfully with these new permissions. This is somewhat second-hand information, so I'll CC [~atm] in case I've missed any important details or context...
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)