In general Hadoop services should be owned by specific users and not by root or application users. The table below shows typical users for Hadoop services. Identify the users that you want for your Hadoop services and the common Hadoop group and create these accounts on your system.
![[Note]](../common/images/admon/note.png) | Note |
|---|---|
If you are considering installing your cluster in secure mode, either at installation or at a later time, you need to understand the relationship between OS system service users and Kerberos principals. Hadoop uses group memberships of users at various places, such as to determine group ownership for files or for access control. In order for Hadoop to be able to connect a Kerberos principal with its respective OS system service user, a mapping must be created. For more information on this process, see Setting Up Security for Manual Installs |
Table 1.1. Typical Service Users and Groups
| Hadoop Service | User | Group |
|---|---|---|
|
HDFS |
hdfs |
hadoop |
|
MapReduce |
mapred |
hadoop |
|
Hive |
hive |
hadoop |
|
Pig |
pig |
hadoop |
|
HCatalog/WebHCat |
hcat |
hadoop |
|
HBase |
hbase |
hadoop |
|
ZooKeeper |
zookeeper |
hadoop |
|
Oozie |
oozie |
hadoop |
