Reply
Highlighted
New Contributor
Posts: 2
Registered: ‎07-22-2016

KUDU Parcel: Make System User and Group Configurable on Install

We have a need to be able to configure the system user and the system group when installing/upgrading Kudu using parcels in Cloudera Manager. This is for security reasons, we have internal requirements regarding the naming of application id's and groups that require us to change the id/group before the kudu id/group is ever created or used.

Cloudera Employee
Posts: 47
Registered: ‎02-05-2016

Re: KUDU Parcel: Make System User and Group Configurable on Install

You can configure CM to run Kudu as any combination of system user/group you like. In Kudu's configuration page, search for "System User" and "System Group". Set them as you want, then restart the service.

If Kudu already has on-disk data, you may need to chown/chgrp it so the Kudu processes can properly read/write that data.
New Contributor
Posts: 2
Registered: ‎07-22-2016

Re: KUDU Parcel: Make System User and Group Configurable on Install

Thanks for the quick reply Adar.

 

The issue is not that we cannot change it once installed, the issue is that when it is installed with the default kudu id/group, it causes an internal security flag/alert.  My request is to see if it possible to change the parcel to enable these two options (user/group) to be configurable during install.

 

Cloudera Employee
Posts: 47
Registered: ‎02-05-2016

Re: KUDU Parcel: Make System User and Group Configurable on Install

I see. Then before you distribute the parcel, find the CM setting called "Create Users and Groups, and Apply File Permissions for Parcels" (it's an administrative setting, not particular to any one service) and disable it.

 

Doing this means that activating the Kudu parcel won't create any users/groups. Then you can use the Kudu "System User" or "System Group" parameters to have Kudu processes run as some other UNIX user/group that you've already configured and created. You can also leave those two parameters at their default values provided you ensure that the 'kudu' UNIX user and group are created in some way on every machine where a Kudu process is expected to run.