Ambari FileView cannot open or upload files "Unauthorized connection for super-user" even with hadoop.proxyuser.root.groups=*

rvillanueva · ‎12-24-2019

Having problems uploading or opening files in Ambari (v2.7.3) FileView (HDP v3.1.0). Getting error

Unauthorized connection for super-user: root at <my local IP>

I configs that I think are relevant here are:

hadoop.proxyuser.hdfs.groups=*
hadoop.proxyuser.hdfs.hosts=*
hadoop.proxyuser.root.groups=*
hadoop.proxyuser.root.hosts=hw001.co.local

Have seen similar questions here (https://community.cloudera.com/t5/Support-Questions/Unauthorized-connection-for-super-user/m-p/10211...) but not sure the problems are totally analogous.

Anyone know how to fix or get more debugging info?

rvillanueva · ‎12-24-2019

Looking at more existing post here (https://community.cloudera.com/t5/Support-Questions/Unauthorized-connection-for-super-user-root-from...) and here (https://community.cloudera.com/t5/Support-Questions/File-View-Error-Unauthorized-connection-for-supe...) found that also needed to change

hadoop.proxyuser.root.hosts=*

Setting this in HDFS configs in ambari and restarting the service seems to have fixed the problem.

Could anyone help explain this config a bit more or link to docs explaining exactly what it does / means (ie. I hope it does not imply that root / super-user privileges are conferred to other users accessing HDFS in any way)? Found the docs here (https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-common/Superusers.html). Not much experience with HDFS admin, but

In other words super is impersonating the user joe

gives me some concern about security. Could anyone help allay these concerns?

ask_bill_brooks · ‎12-24-2019

[This question was moved here because it was posted 12-24-2019 to multiple threads previously marked 'Solved' as early as 10-22-2016 03:03 AM—Moderator]

Could you explain a bit (or link to docs) on what exactly the hadoop.proxyuser.$.hosts and hadoop.proxyuser.$.groups are (what they mean and why setting * helps here)?

rvillanueva · ‎12-24-2019

@jsensharma

Could you help explain the

hadoop.proxyuser.<USER>.hosts

config a bit more or link to docs explaining exactly what it does / means (ie. I hope it does not imply that root / super-user privileges are conferred to other users accessing HDFS in any way)? Found the docs here (https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-common/Superusers.html) and not much experience with HDFS admin, but

In other words super is impersonating the user joe

gives me some concern about security. Could anyone help allay these concerns?

ask_bill_brooks · ‎12-24-2019

[This question was moved here because it was posted 12-24-2019 to a thread previously marked 'Solved' 10-22-2016 03:03 AM —Moderator]

Could you help explain this hadoop.proxyuser.<user>.hosts config a bit more or link to docs explaining exactly what it does / means (ie. I hope it does not imply that root / super-user privileges are conferred or potentially accessible to other users accessing HDFS in any way)? Found the docs here (https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-common/Superusers.html) and not much experience with HDFS admin, but

In other words super is impersonating the user joe

gives me some concern about security. Could anyone help allay these concerns?