Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
None
-
None
-
None
Description
The permissions we set for the YARN container executor are not exactly correct and are different from what we used to set for the MRv1 task containers. The requirements for the permissions are as follows:
- Readable/executable by the group
- Not executable by others
- Not writable by others
- Set UID
- Owned by root
I've tested this in YARN and have tested that I can still submit and run jobs successfully with these new permissions. This is somewhat second-hand information, so I'll CC atm in case I've missed any important details or context...