4.7. Disable SELinux and PackageKit and check the UMASK Value

The following steps serve as a security checklist:

  • You must temporarily disable SELinux for the Ambari setup to function. On each host in your cluster:

    setenforce 0

    To permanently disable SELinux: set


    in /etc/selinux/config This ensures that SELinux does not turn itself on after you reboot the machine.

  • On an installation host running RHEL/CentOS with PackageKit installed, open /etc/yum/pluginconf.d/refresh-packagekit.conf using a text editor and make this change:


    PackageKit is not enabled by default on a SLES system. Unless you have specifically enabled PackageKit, you may skip this step for a SLES installation host.

  • UMASK (User Mask or User file creation MASK) is the default permission or base permission given when a new file or folder is created on a Linux machine. Most Linux distros set 022 as the default umask. For a HDP cluster, make sure that umask is set to 022. To set umask 022, run the following command as root on all hosts,

    vi etc/profile
    umask 022

loading table of contents...