Answer
New Contributor
Posts: 2
Registered: ‎04-03-2014
Accepted Solution
/etc/passwd for hadoop service users /sbin/nologin

OS: Centos 7.3

# cat /etc/centos-release
CentOS Linux release 7.3.1611 (Core)

 

During installation -> "Configuring Single User Mode" is not checked but all Hadoop service user ids are set to /sbin/nologin in /etc/passwd:

 

hdfs:x:985:979:Hadoop HDFS:/var/lib/hadoop-hdfs:/sbin/nologin
solr:x:984:978:Solr:/var/lib/solr:/sbin/nologin
sentry:x:983:977:Sentry:/var/lib/sentry:/sbin/nologin
hue:x:982:976:Hue:/usr/lib/hue:/sbin/nologin
zookeeper:x:981:975:ZooKeeper:/var/lib/zookeeper:/sbin/nologin
mapred:x:980:974:Hadoop MapReduce:/var/lib/hadoop-mapreduce:/sbin/nologin
httpfs:x:979:973:Hadoop HTTPFS:/var/lib/hadoop-httpfs:/sbin/nologin
sqoop:x:978:972:Sqoop:/var/lib/sqoop:/sbin/nologin
hive:x:977:971:Hive:/var/lib/hive:/sbin/nologin
kafka:x:976:970:Kafka:/var/lib/kafka:/sbin/nologin
kms:x:975:969:Hadoop KMS:/var/lib/hadoop-kms:/sbin/nologin
yarn:x:974:968:Hadoop Yarn:/var/lib/hadoop-yarn:/sbin/nologin
oozie:x:973:967:Oozie User:/var/lib/oozie:/sbin/nologin
kudu:x:972:966:Kudu:/var/lib/kudu:/sbin/nologin
hbase:x:971:965:HBase:/var/lib/hbase:/sbin/nologin
impala:x:970:964:Impala:/var/lib/impala:/bin/bash
spark:x:969:963:Spark:/var/lib/spark:/sbin/nologin

 

View Entire Topic
Cloudera Employee
Posts: 1
Registered: ‎01-18-2017
Answered

This was supposed to be a feature, not a bug. These are service accounts and should not be used by humans, hence the 'nologin' shells. This addresses feedback from some large customers: it limits the attack surface presented by our software.

 

I'm curious - how did you come across this, and what impact does it have for you?  Thanks for the report.

 

PS: you might note that the 'impala' user is the only one in the list below that uses /bin/bash. In our GA release, Impala will also have /sbin/nologin as its shell.