Details
-
New Feature
-
Status: Open
-
Major
-
Resolution: Unresolved
-
Slider 0.80
-
None
-
None
Description
Environment is slider .80 on Hadoop 2.6 secured cluster
A component is launched for each distinct user of the service (via upgrade). E.g. when user A accesses service, do a "upgrade" and create a component for user A. When user B comes, create another component for user B etc.
At present, all of these components are launched & run as single linux user - this is the user who launches slider AM.
Security needs may demand that each component be run as its own linux user. This ask is similar to how secured Hadoop cluster launches MR jobs for user using user's login
Expected ask is as follows ...
Launch slider AM as user "admin"
Run component for user A as user A's uid and gid
Run component for user B as user B's uid and gid
It seems this was thought about and then commented out in some version
In version .80; resource_management/core/resources/system.py, I noticed that class Execute can take a parameter "user". Its not clear if and how this could be used. In core/shell.py, the logic around "user" is commented out with comment " Do not su to the supplied user"