Directory permissions when using PAM authentication backend

If you are using Pluggable Authentication Modules (PAM) for authenticating Hue users, then ensure that the Hue users have access to the /etc/shadow directory. Use an approach suitable to your organization's security policies.

Making Hue application user a member of the shadow group

This approach involves creating a shadow group and adding Hue to this group. Then you must grant the shadow group, read permission to the /etc/shadow directory.

Using Access Contol Lists (Recommended)

You can use Linux's ACLs to permit Hue user a read permission to the /etc/shadow directory by using the setfacl command. Cloudera recommends this approach.