Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-2198 Remove the need to run NodeManager as privileged account for Windows Secure Container Executor
  3. YARN-2551

Windows Secure Cotnainer Executor: Add checks to validate that the wsce-site.xml is write restricted to Administrators only

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Implemented
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: nodemanager

      Description

      The wsce-site.xml containes the impersonate.allowed and impersonate.denied keys that restrict/control the users that can be impersonated by the WSCE containers. The impersonation frameworks in winutils should validate that only Administrators have write control on this file.

      This is similar to how LCE is validating that only root has write permissions on container-executor.cfg file on secure Linux clusters.

        Attachments

          Activity

            People

            • Assignee:
              rusanu Remus Rusanu
              Reporter:
              rusanu Remus Rusanu
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: