Apache Ambari Security
Also available as:
PDF
loading table of contents...

How to Configure an Ambari Agent for Non-Root

You can configure the Ambari Agent to run as a non-privileged user as well. That user requires specific sudo access in order to su to Hadoop service accounts and perform specific privileged commands. Configuring Ambari Agents to run as non-root requires that you manually install agents on all nodes in the cluster. For these details, see Installing Ambari Agents Manually. After installing each agent, you must configure the agent to run as the desired, non-root user. In this example we will use the ambari user.

Change the run_as_user property in the /etc/ambari-agent/conf/ambari-agent.ini file, as illustrated below:

run_as_user=ambari

Once this change has been made, the ambari-agent must be restarted to begin running as the non-root user.

The non-root functionality relies on sudo to run specific commands that require elevated privileges as defined in the Sudoer Configuration - Ambari Agents. The sudo configuration is split into these sections: