Support Questions

Find answers, ask questions, and share your expertise

For Kerberos enable HDP Cluster does all the UID in /etc/passwd should be > 1000? . How instal hpd with Ambari will address this UID

avatar
Contributor

Hi ,

When we are installing hpd using Ambari Blue Print, how can we make sure all service a/c get created with UID > 1000? .

I see below error in Hive beeline Kerberos enable hdp

Requested user hive is not whitelisted and has id 500,which is below the minimum allowed 1000

Thanks

JJ

1 ACCEPTED SOLUTION

avatar
Contributor

Hi @Jacqualin jasmin - looking at the /etc/passwd in my lab, I see a mixture of service logins with ids of around 500 and others are over 1000. Hive specifically is less than 1000. I also looked at a larger secured production cluster, and all the service logins were over 1000. Looks like you have several options: (1) set min.user.id=500, but not sure this is advisable from security perspective, (2) create new accounts over 1000 and use those to launch your jobs, (3) white list the user somehow (not entirely sure how to do that), or (4) update the service accounts with higher numbers.

View solution in original post

4 REPLIES 4

avatar
Contributor

I cannot get your question.

Why do you think you need to update the group file?

avatar
Contributor

Hi @Jacqualin jasmin - Ambari generally takes care of this during installation. I just looked at a lab environment that was Ambari installed, and see the group numbers are all < 1000. I've worked with many customers, and never seen a case where this needed to be changed. As a result, I don't think you need to change this.

avatar
Contributor

Hi Eddie,

Sorry about the misleading. I mean uid in /etc/passwd file. Does all the service a/c should have uid > 1000.

After enabling Kerberos, i see the error message as below

user hive is not whitelisted and has id 500,which is below the minimum allowed 1000

Does Ambari does not take care of this , when we mention min.user.id=1000 in the file : /etc/hadoop/conf/container-executor.cfg.

http://docs.hortonworks.com/HDPDocuments/Ambari-2.2.2.0/bk_ambari_reference_guide/content/_defining_...

: All new service user accounts, and any existing user accounts used as service users, must have a UID >= 1000

Thanks

JJ

avatar
Contributor

Hi @Jacqualin jasmin - looking at the /etc/passwd in my lab, I see a mixture of service logins with ids of around 500 and others are over 1000. Hive specifically is less than 1000. I also looked at a larger secured production cluster, and all the service logins were over 1000. Looks like you have several options: (1) set min.user.id=500, but not sure this is advisable from security perspective, (2) create new accounts over 1000 and use those to launch your jobs, (3) white list the user somehow (not entirely sure how to do that), or (4) update the service accounts with higher numbers.