07-22-2016 07:52 AM
We have a need to be able to configure the system user and the system group when installing/upgrading Kudu using parcels in Cloudera Manager. This is for security reasons, we have internal requirements regarding the naming of application id's and groups that require us to change the id/group before the kudu id/group is ever created or used.
07-22-2016 10:05 AM
07-22-2016 03:12 PM
Thanks for the quick reply Adar.
The issue is not that we cannot change it once installed, the issue is that when it is installed with the default kudu id/group, it causes an internal security flag/alert. My request is to see if it possible to change the parcel to enable these two options (user/group) to be configurable during install.
07-25-2016 06:38 PM
I see. Then before you distribute the parcel, find the CM setting called "Create Users and Groups, and Apply File Permissions for Parcels" (it's an administrative setting, not particular to any one service) and disable it.
Doing this means that activating the Kudu parcel won't create any users/groups. Then you can use the Kudu "System User" or "System Group" parameters to have Kudu processes run as some other UNIX user/group that you've already configured and created. You can also leave those two parameters at their default values provided you ensure that the 'kudu' UNIX user and group are created in some way on every machine where a Kudu process is expected to run.