YARN-10770. container-executor permission is wrong in SecureContainer.md. Contributed by Siddharth Ahuja.

(cherry picked from commit 1cbcde04f3)
This commit is contained in:
Akira Ajisaka 2021-05-25 18:28:09 +09:00
parent b82a0fa9e6
commit ad7071c93b
No known key found for this signature in database
GPG Key ID: C1EDBB9CA400FD50

View File

@ -36,7 +36,7 @@ Secure Containers work only in the context of secured YARN clusters.
The configured directories for `yarn.nodemanager.local-dirs` and `yarn.nodemanager.log-dirs` must be owned by the configured NodeManager user (`yarn`) and group (`hadoop`). The permission set on these directories must be `drwxr-xr-x`. The configured directories for `yarn.nodemanager.local-dirs` and `yarn.nodemanager.log-dirs` must be owned by the configured NodeManager user (`yarn`) and group (`hadoop`). The permission set on these directories must be `drwxr-xr-x`.
The `container-executor` program must be owned by `root` and have the permission set `---sr-s---`. The `container-executor` program must be owned by `root` and have the permission set `---Sr-s---`.
To configure the `NodeManager` to use the `LinuxContainerExecutor` set the following in the **conf/yarn-site.xml**: To configure the `NodeManager` to use the `LinuxContainerExecutor` set the following in the **conf/yarn-site.xml**: