10-04-2017 10:38 AM
I am planning to install Cloudera Manager and I have received a question from the security sector about SELinux, because in my request I asked to disable SELinux based on installation issues. I just want to know why I need to turn off/disable SELinux.
In my understanding, its architecture strives to separate enforcement of security decisions from the security policy itself, and streamlines the amount of software involved with security policy enforcement. If SELinux is a part of the kernel and a security implementation, could disabling it cause a security breach? Besides knowing why, I'd like to know if there is a way to keep SELinux and install Cloudera.
I am thankful for your help with these philosophical questions.
10-04-2017 01:29 PM
One common reason to disable the firewall is that, as we know, HDFS maintains replication across different nodes/racks, but it shouldn't take any extra time for that. Setting up a firewall using SELinux may disturb this or lead to performance issues. So the general recommendation is to disable the firewall. But I believe in some cases users are still using Hadoop with a firewall for security reasons (if the business really demands it).
Regarding your question about security, you can follow the other recommended security measures like Kerberos, Sentry, etc. (depending upon your needs).
10-04-2017 01:49 PM
07-06-2018 02:25 PM
During install, if SELinux is enabled, then apparently the Hadoop directories created in /var/lib like hbase, hive, impala, sqoop, zookeeper etc. seem to have all the permissions set as 000 instead of 755 and are also owned by root instead of the service accounts. This causes these roles to be unable to start up. Ended up having to chmod 755 and chown all these 15 or so directories, after which the install completed successfully.
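
A read-only check for the symptom described in the last post (service directories under /var/lib left with mode 000 or owned by root), added here as an example and not part of any post or of Cloudera's tooling. The function name is hypothetical, GNU `stat` is assumed, and each service account is assumed to be named after its directory unless a `dir:owner` pair is given.

```shell
# Added example (not from the thread): report service data directories whose
# mode or owner differs from what the role needs in order to start.
# Assumptions: GNU stat; the service account is named after the directory
# unless the argument is written as "dir:owner".

EXPECTED_MODE=755

# audit_service_dirs BASE SPEC...   SPEC is "dir" or "dir:owner"
# Prints one line per problem and returns 0 only if every directory is fine.
# The body runs in a subshell, so its variables do not leak to the caller.
audit_service_dirs() (
    base=$1
    shift
    problems=0
    for spec in "$@"; do
        dir=${spec%%:*}
        owner=${spec#*:}        # equals $spec when no ":" is present
        path=$base/$dir
        if [ ! -d "$path" ]; then
            echo "MISSING $path"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c %a "$path")      # octal mode; 000 is printed as 0
        actual=$(stat -c %U "$path")    # owning user name
        if [ "$mode" != "$EXPECTED_MODE" ] || [ "$actual" != "$owner" ]; then
            echo "MISMATCH $path mode=$mode owner=$actual want=$EXPECTED_MODE/$owner"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
)

# Usage, with the directories named in the post:
#   audit_service_dirs /var/lib hbase hive impala sqoop zookeeper
```

Running it before and after an install with SELinux enabled shows which directories were affected, so only those need `chmod`/`chown`.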