What are the security implications of whitelisting the yarn user with yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user=yarn?

In the absence of a secured cluster, I enabled Linux Secured Containers and whitelisted the yarn user. In a production environment, what are the security risks of whitelisting the yarn user and having regular users execute Oozie workflows on behalf of the hbase user?

1 ACCEPTED SOLUTION

@Artem Ervits, the risk of executing as the yarn user relates to several statements from the Apache Hadoop documentation on Secure Mode. Specifically, the section on the NodeManager states the following:

For maximum security, this executor sets up restricted permissions and user/group ownership of local files and directories used by the containers such as the shared objects, jars, intermediate files, log files etc. Particularly note that, because of this, except the application owner and NodeManager, no other user can access any of the local files/directories including those localized as part of the distributed cache.

Therefore, by executing YARN containers as user "yarn", which is the same as the user running the NodeManager, the container process can get full access to localized file content. This would open a risk of users writing arbitrary application code that scans the local disk looking for localized files that potentially contain sensitive data, or even changing the contents of user-submitted executables to mount a code injection attack. It would also be possible to access files owned by the yarn user on HDFS.
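
An added example, not part of the original answer and not Hadoop's own code: a small Python check that reads a yarn-site.xml and reports which submitting users' containers would run under the NodeManager's own account on a cluster without Kerberos. The sample XML is constructed, the NodeManager account name `yarn` is an assumption taken from this thread, and the `limit-users` key with the defaults `true` and `nobody` comes from the Apache Hadoop NodeManager documentation rather than from this page.

```python
import xml.etree.ElementTree as ET

LCE_CLASS = "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor"
EXECUTOR_KEY = "yarn.nodemanager.container-executor.class"
LOCAL_USER_KEY = "yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user"
LIMIT_USERS_KEY = "yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users"

# Constructed yarn-site.xml fragment reproducing the setup in the question.
SAMPLE_YARN_SITE = f"""<configuration>
  <property><name>{EXECUTOR_KEY}</name><value>{LCE_CLASS}</value></property>
  <property><name>{LOCAL_USER_KEY}</name><value>yarn</value></property>
</configuration>"""


def load_props(xml_text):
    """Parse Hadoop-style <property><name/><value/></property> entries."""
    root = ET.fromstring(xml_text)
    return {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}


def container_user(props, submitter, nm_user):
    """Unix account a container runs as on a cluster without Kerberos."""
    if props.get(EXECUTOR_KEY) != LCE_CLASS:
        return nm_user  # DefaultContainerExecutor: containers share the NodeManager account
    if props.get(LIMIT_USERS_KEY, "true").lower() == "true":  # documented default: true
        return props.get(LOCAL_USER_KEY, "nobody")  # documented default: nobody
    return submitter  # limit-users=false: run as the submitting user


def audit(xml_text, submitters, nm_user="yarn"):
    """Return submitters whose containers would run as the NodeManager account."""
    props = load_props(xml_text)
    return [s for s in submitters if container_user(props, s, nm_user) == nm_user]


if __name__ == "__main__":
    # "alice" and "hbase" are constructed submitter names; nm_user="yarn" is assumed.
    for user in audit(SAMPLE_YARN_SITE, ["alice", "hbase"]):
        print(f"{user}: containers run as the NodeManager user; "
              "localized files are not isolated")
```

Any submitter the check returns has containers that can read and modify other applications' localized files, which is the exposure described in the answer above.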

@Chris Nauroth

Thank you very much, looking forward to your Hadoop Summit sessions.