As of hadoop 2.3.0, commit cc74a18c makes it so that nonsecureLocalUser replaces the user who submits a job if security is disabled:
However, the only way to enable security, is to NOT use SIMPLE authentication mode:
Thus, the framework ENFORCES that "SIMPLE" login security --> nonSecureuser for submission of LinuxExecutorContainer.
This results in a confusing issue, wherein we submit a job as "sally" and then get an exception that user "nobody" is not whitelisted and has UID < MAX_ID.
My proposed solution is that we should be able to leverage LinuxContainerExector regardless of hadoop's view of the security settings on the cluster, i.e. decouple LinuxContainerExecutor logic from the "isSecurityEnabled" return value.