Directory permissions when using PAM authentication backend
If you are using Pluggable Authentication Modules (PAM) for authenticating Data Explorer users, then ensure that the Data Explorer users have access to the /etc/shadow directory. Use an approach suitable to your organization's security policies.
Making Data Explorer application user a member of the shadow group
This approach involves creating a
group and adding Data Explorer to this group. Then you must grant the
shadow
group, read permission to the /etc/shadow
directory.shadow
Using Access Contol Lists (Recommended)
You can use Linux's ACLs to permit Data Explorer user a read permission to the /etc/shadow directory by using the setfacl command. Cloudera recommends this approach.
