In Storm secure mode, workers can run as the user (owner of the topology) who deployed the topology. To enable, complete the following steps:
On all Storm nodes, change ownership of the
conf
directory fromstorm
toroot
:sudo chown -R root:hadoop /etc/storm/conf
This restricts access to the
worker-launcher.cfg
file in theconf
directory. Users can still modify and update Storm configuration properties, because Ambari runs asroot
.Make sure all users who are going to deploy topologies have a UNIX account on all of the Storm nodes. Workers will run under the UNIX account for topologies deployed by the user.
Example: For user
testuser1
and principaltestuser1/c6401.ambari.apache.org
, make sure there is a correspondingtestuser1
UNIX account.Add the following configuration under "Custom storm-site" in the Ambari Storm configuration screen:
supervisor.run.worker.as.user : true
Restart Storm components.