https://community.cloudera.com/t5/Support-Questions/How-to-restrict-a-hadoop-user-to-use-a-hadoop-commands-like/m-p/211256#M173198 <P>I use freeIPA for the hadoop user auth. It is very easy to do such things in freeIPA.</P><P>You can refer example-13 of this document <A href="https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/defining-sudorules.html" target="_blank">https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/defining-sudorules.html</A></P>Example 13.2. Allowing and Denying Commands<P>The <CODE>sudo</CODE> rule can grant access or deny access to commands. For example, this rule would allow read access to files but prevent editing: </P><PRE>$ ipa sudorule-add-allow-command --sudocmd "/usr/bin/less" readfiles $ ipa sudorule-add-allow-command --sudocmd "/usr/bin/tail" readfiles $ ipa sudorule-add-deny-command --sudocmd "/usr/bin/vim" readfiles</PRE> Tue, 07 Aug 2018 17:14:51 GMT 76_subhasis 2018-08-07T17:14:51Z