How to Configure an Ambari Agent for Non-Root
You can configure the Ambari Agent to run as a non-privileged user as well. That user requires specific sudo access in order to su to Hadoop service accounts and perform specific privileged commands. Configuring Ambari Agents to run as non-root requires that you manually install agents on all nodes in the cluster. For these details, see Installing Ambari Agents Manually. After installing each agent, you must configure the agent to run as the desired, non-root user. In this example we will use the ambari
user.
Change the run_as_user
property in the /etc/ambari-agent/conf/ambari-agent.ini
file, as illustrated below:
run_as_user=ambari
Once this change has been made, the ambari-agent must be restarted to begin running as the non-root user.
The non-root functionality relies on sudo to run specific commands that require elevated privileges as defined in the Sudoer Configuration - Ambari Agents. The sudo configuration is split into these sections: