https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239441#M201250 <P>HDP 2.6.4 on RHEL 7</P><P>Ambari is running under non-root user. While enabling Kerberos using Ambari, "Configure Ambari Identity" step errors out as the keytab file, /etc/security/keytabs/spnego.service.keytab is owned by non-root Ambari user. Error: ambari.server.AmbariException:chown: changing ownership of ‘/usr/hdp/security/keytabs/spnego.service.keytab’: Operation not permitted</P><P>The .csv file shows it has to be owned by root:hadoop and the non-root user is not able to do chown due to OS limitations. How to get around this issue ?</P><P>Can the Ambari-server be changed to run as root user by running "ambari-server setup" and restarting Ambari at this point and then restart "Enable Kerberos Wizard" ?</P><P>Any advice is welcome.</P> Fri, 16 Sep 2022 14:00:48 GMT rajeswaran_govi 2022-09-16T14:00:48Z https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239441#M201250 <P>HDP 2.6.4 on RHEL 7</P><P>Ambari is running under non-root user. While enabling Kerberos using Ambari, "Configure Ambari Identity" step errors out as the keytab file, /etc/security/keytabs/spnego.service.keytab is owned by non-root Ambari user. Error: ambari.server.AmbariException:chown: changing ownership of ‘/usr/hdp/security/keytabs/spnego.service.keytab’: Operation not permitted</P><P>The .csv file shows it has to be owned by root:hadoop and the non-root user is not able to do chown due to OS limitations. How to get around this issue ?</P><P>Can the Ambari-server be changed to run as root user by running "ambari-server setup" and restarting Ambari at this point and then restart "Enable Kerberos Wizard" ?</P><P>Any advice is welcome.</P> Fri, 16 Sep 2022 14:00:48 GMT https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239441#M201250 rajeswaran_govi 2022-09-16T14:00:48Z https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239442#M201251 <P>Hi <A rel="user" href="https://community.cloudera.com/users/9594/rajeswarangovindan.html" nodeid="9594">@Rajeswaran Govindan</A>,</P><P>Since Ambari is running a non-privileged user, it is possible that the chown for keytab file failed due to permission issues. </P><P>Make sure that the sudoers file is setup properly. Please refer the below documentation for this.</P><P><A href="http://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/sudoer_configuration_server.html">http://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/sudoer_configuration_server.html</A></P><P>Hope this helps!</P> Wed, 26 Dec 2018 16:11:44 GMT https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239442#M201251 sampathkumar_ma 2018-12-26T16:11:44Z https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239443#M201252 <A rel="user" href="https://community.cloudera.com/users/9594/rajeswarangovindan.html" nodeid="9594">@Rajeswaran Govindan</A><P>If you are running the Ambari server as a non-root user, then you need to set up sudoers so that Ambari can properly sudo and execute the needed commands. See <A href="https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/sudoer_configuration_server.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/sudoer_configuration_server.html</A> for information on how to set this up. </P> Wed, 26 Dec 2018 22:10:47 GMT https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239443#M201252 rlevas 2018-12-26T22:10:47Z https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239444#M201253 <P>Thanks you Robert and Sampath. In our environment editing the sudoers file is not an option. </P><P>Can the Ambari-server be changed to run as root user by running "ambari-server setup" and restarting Ambari at this point and then restart "Enable Kerberos Wizard" ?</P> Thu, 27 Dec 2018 00:13:07 GMT https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239444#M201253 rajeswaran_govi 2018-12-27T00:13:07Z https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239445#M201254 <P> Hi <A rel="user" href="https://community.cloudera.com/users/9594/rajeswarangovindan.html" nodeid="9594">@Rajeswaran Govindan</A> ,</P><P> If you cant give the suoders permissions as listed docs , Its always better to run the ambari-server as root.</P><P> to run ambari server again as root again follow this steps</P> <PRE>1)stop ambari-server [root@asnaik-asnaik1 ~]# ambari-server stop Using python /usr/bin/python Stopping ambari-server Waiting for server stop... Ambari Server stopped 2) perform ambari-server setup and customize the user-account for ambari server [root@asnaik-asnaik1 ~]# ambari-server setup Using python /usr/bin/python Setup ambari-server Checking SELinux... SELinux status is 'enabled' SELinux mode is 'permissive' WARNING: SELinux is set to 'permissive' mode and temporarily disabled. OK to continue [y/n] (y)? Customize user account for ambari-server daemon [y/n] (n)? y Enter user account for ambari-server daemon (root):root Adjusting ambari-server permissions and ownership... WARNING: Command chown -R -L root /var/lib/ambari-server returned exit code /var/lib/ambari-server with message: chown: cannot dereference ‘/var/lib/ambari-server/resources/mysql-connector-java.jar’: No such file or directory chown: cannot dereference ‘/var/lib/ambari-server/resources/mysql-jdbc-driver.jar’: No such file or directory Checking firewall status... Checking JDK... Do you want to change Oracle JDK [y/n] (n)? n Checking GPL software agreement... Completing setup... Configuring database... Enter advanced database configuration [y/n] (n)? n Configuring database... .... 3) start ambari-server [root@asnaik-asnaik1 ~]# ambari-server start Using python /usr/bin/python Starting ambari-server Ambari Server running with administrator privileges. Organizing resource files at /var/lib/ambari-server/resources... </PRE><P> Refer to help : <A href="https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.2.0/bk_ambari-installation/content/set_up_the_ambari_server.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.2.0/bk_ambari-installation/content/set_up_the_ambari_server.html</A></P><P> If you have any doubt.</P><P style="color:green"> <STRONG>Please accept this answer if its helpful</STRONG></P> Thu, 27 Dec 2018 01:22:17 GMT https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239445#M201254 akhilsnaik 2018-12-27T01:22:17Z https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239446#M201255 <P>Thanks Akhil, that helps.</P> Thu, 27 Dec 2018 01:53:35 GMT https://community.cloudera.com/t5/Support-Questions/SPNEGO-keytab-file-ownership-and-chown-errors-at-quot/m-p/239446#M201255 rajeswaran_govi 2018-12-27T01:53:35Z