Do all Ambari services get added to the hadoop group? When adding another product as a custom services in ambari is there a requirement that it is added to the hadoop group on the linux servers? Or is that only for services with in the stack?
Based on the description on Hadoop services and Hadoop (https://docs.hortonworks.com/HDPDocuments/Ambari-126.96.36.199/bk_ambari-administration/content/defining_service_users_and_groups_for_a_hdp_2x_stack.html), all components in the stack belong to hadoop group. Further, atlas, ranger, ranger kms, knox, and spark has additional group atlas, ranger, kms, knox and spark respectively.
I am not sure what other components you want add to Ambari besides the ones in the stack. It is really depends on what data this component want to access. Based on that, we can add group for that user.
When I was looking at this I was looking at third party applications that are being made to plug into ambari.
They require the hadoop group added but in some cases these third party applications would be manged by another team not on a core node.
In those cases I would not like them to be in the hadoop group because that would give the other team access to all the keytabs on the servers.
In short I found that this is configurable in ambari when adding the services.