hadoop kerberos官方配置详解(7)

下面在Hadoop YARN中是可用的:

ContainerExecutorDescription
DefaultContainerExecutor   The default executor which YARN uses to manage container execution. The container process has the same Unix user as the NodeManager.  
LinuxContainerExecutor   Supported only on GNU/Linux, this executor runs the containers as either the YARN user who submitted the application (when full security is enabled) or as a dedicated user (defaults to nobody) when full security is not enabled. When full security is enabled, this executor requires all user accounts to be created on the cluster nodes where the containers are launched. It uses a setuid executable that is included in the Hadoop distribution. The NodeManager uses this executable to launch and kill containers. The setuid executable switches to the user who has submitted the application and launches or kills the containers. For maximum security, this executor sets up restricted permissions and user/group ownership of local files and directories used by the containers such as the shared objects, jars, intermediate files, log files etc. Particularly note that, because of this, except the application owner and NodeManager, no other user can access any of the local files/directories including those localized as part of the distributed cache.  

构建LinuxContainerExecutor可执行文件,执行:

$ mvn package -Dcontainer-executor.conf.dir=/etc/hadoop/

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/d9d246ed39d4b7719eccfada3af60d5c.html