Directory permissions when using PAM authentication backend

If you are using Pluggable Authentication Modules (PAM) for authenticating Hue users, then ensure that the Hue users have access to the /etc/shadow directory. Use an approach suitable to your organization's security policies.

Making Hue application user a member of the shadow group

This approach involves creating a shadow group and adding hue to this group. Then you must allow the shadow group read access to the /etc/shadow directory.

Using Access Contol Lists (Recommended)

You can use Linux's ACLs to permit hue user read access to the /etc/shadow directory by using the setfacl command. Cloudera recommends this approach.