Created on 12-24-2019 11:06 AM - edited 12-24-2019 11:09 AM
Having problems uploading or opening files in Ambari (v2.7.3) FileView (HDP v3.1.0). Getting error
Unauthorized connection for super-user: root at <my local IP>
I configs that I think are relevant here are:
hadoop.proxyuser.hdfs.groups=*
hadoop.proxyuser.hdfs.hosts=*
hadoop.proxyuser.root.groups=*
hadoop.proxyuser.root.hosts=hw001.co.local
Have seen similar questions here (https://community.cloudera.com/t5/Support-Questions/Unauthorized-connection-for-super-user/m-p/10211...) but not sure the problems are totally analogous.
Anyone know how to fix or get more debugging info?
Created on 12-24-2019 11:08 AM - edited 12-24-2019 11:52 AM
Looking at more existing post here (https://community.cloudera.com/t5/Support-Questions/Unauthorized-connection-for-super-user-root-from...) and here (https://community.cloudera.com/t5/Support-Questions/File-View-Error-Unauthorized-connection-for-supe...) found that also needed to change
hadoop.proxyuser.root.hosts=*
Setting this in HDFS configs in ambari and restarting the service seems to have fixed the problem.
Could anyone help explain this config a bit more or link to docs explaining exactly what it does / means (ie. I hope it does not imply that root / super-user privileges are conferred to other users accessing HDFS in any way)? Found the docs here (https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-common/Superusers.html). Not much experience with HDFS admin, but
In other words super is impersonating the user joe
gives me some concern about security. Could anyone help allay these concerns?
Created on
12-24-2019
11:13 AM
- last edited on
12-24-2019
07:24 PM
by
ask_bill_brooks
[This question was moved here because it was posted 12-24-2019 to multiple threads previously marked 'Solved' as early as 10-22-2016 03:03 AM—Moderator]
Could you explain a bit (or link to docs) on what exactly the hadoop.proxyuser.$.hosts and hadoop.proxyuser.$.groups are (what they mean and why setting * helps here)?
Created 12-24-2019 11:54 AM
Could you help explain the
hadoop.proxyuser.<USER>.hosts
config a bit more or link to docs explaining exactly what it does / means (ie. I hope it does not imply that root / super-user privileges are conferred to other users accessing HDFS in any way)? Found the docs here (https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-common/Superusers.html) and not much experience with HDFS admin, but
In other words super is impersonating the user joe
gives me some concern about security. Could anyone help allay these concerns?
Created on
12-24-2019
11:56 AM
- last edited on
12-24-2019
07:28 PM
by
ask_bill_brooks
[This question was moved here because it was posted 12-24-2019 to a thread previously marked 'Solved' 10-22-2016 03:03 AM —Moderator]
Could you help explain this hadoop.proxyuser.<user>.hosts config a bit more or link to docs explaining exactly what it does / means (ie. I hope it does not imply that root / super-user privileges are conferred or potentially accessible to other users accessing HDFS in any way)? Found the docs here (https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-common/Superusers.html) and not much experience with HDFS admin, but
In other words super is impersonating the user joe
gives me some concern about security. Could anyone help allay these concerns?