Directory permissions when using PAM authentication backend
If you are using Pluggable Authentication Modules (PAM) for authenticating Hue users, then ensure that the Hue users have access to the /etc/shadow directory. Use an approach suitable to your organization's security policies.
Making Hue application user a member of the shadow group
This approach involves creating a
group and adding Hue to this
group. Then you must grant the shadow
group, read permission to the
/etc/shadow directory.shadow
Using Access Contol Lists (Recommended)
You can use Linux's ACLs to permit Hue user a read permission to the /etc/shadow directory by using the setfacl command. Cloudera recommends this approach.