potiuk edited a comment on issue #21487:
URL: https://github.com/apache/airflow/issues/21487#issuecomment-1034925023


   But it is a nice feature indeed.
   
   BTW. Just to correct your statement - the current option with sudo does NOT 
avert the main purpose. Maybe there is a misunderstanding about the purpose of 
impersonation.
   
   The purpose of impersonation is not to prevent the "airflow" user from running as 
root, but to make sure that the "task" coming from DAG written by DAG author is 
executed only using the "target run_as_user" (which does not have sudo). So it 
worked fine before as expected. 
   
   The FACL solution simply changes the requirements that the airflow user must 
fulfill to be able to use. Instead of having `sudo as root` the "${TMP_DIR}" 
folder must be mounted on acl-enabled volume and the airflow user should be 
able to `sudo as run_for_user`. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
