Apache Ambari Security
Also available as:
PDF
loading table of contents...

How to Configure Ambari Server for Non-Root

You can configure the Ambari Server to run as a non-root user.

During the ambari-server setup process, when prompted to Customize user account for ambari-server daemon?, choose y.

The setup process prompts you for the appropriate, non-root user to run the Ambari Server as; for example: ambari.

[Note]Note

The non-root user you choose to run the Ambari Server should be part of the Hadoop group. This group must match the service Hadoop group accounts referenced in the Customize Services > Misc tab during the Install Wizard configuration step. The default group name is hadoop but if you customized this value during cluster install, be sure to make the non-root user a part of that group. See Customizing HDP Services for more information on service account users and groups.

[Note]Note

If Ambari Server is running as a non-root user, such as 'ambari', and you are planning on using Ambari Views, the following properties in Services > HDFS > Configs > Advanced core-site must be added:

hadoop.proxyuser.ambari.groups=*
hadoop.proxyuser.ambari.hosts=* 

The non-root functionality relies on sudo to run specific commands that require elevated privileges as defined in the Sudoer Configuration - Ambari Server. The sudo configuration for Ambari Server is split into two sections: Commands - Ambari Server, and Sudo Defaults - Ambari Server.