Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
YARN service might be running as a service user, e.g. hbase user. In order to get into docker container owned by hbase user. A human user needs to be either part of YARN admin, or obtain hbase user kerberos credential. It would be nice to add enhancement to YARN service and docker support to have a list of allowed human users other than YARN admin to have access to hbase user's container.
Attachments
Issue Links
- relates to
-
YARN-8838 Add security check for container user is same as websocket user
- Resolved