
Hive user has id below 1000, when deploying kerberized cluster with CloudBreak 2.7


New Contributor

Hi

I'm using CloudBreak 2.7 for deploying my clusters. For the record: I didn't have that issue with CBD 2.6.

Issue:
In my kerberized cluster, when trying to start Hive Interactive I get this error:

Requested user hive is not whitelisted and has id 982,which is below the minimum allowed 1000

When I check /etc/passwd I can see that half of the HDP services are below 1000 and some are above, so this error message is valid. For security I don't want to decrease the minimum value for this. Is there a fix for that?

Many thanks in advance.

3 REPLIES 3

Re: Hive user has id below 1000, when deploying kerberized cluster with CloudBreak 2.7

Super Mentor

@Jakub Igla

Kerberized clusters use "LinuxContainerExecutor", which can be tuned based on our requirements by setting min.user.id inside /etc/hadoop/conf/container-executor.cfg or via Ambari as

Services > YARN > Configs tab > Advanced tab > Advanced yarn-env > "Minimum user ID for submitting job" 

Please refer to the following link [1] to know more about the following message:

Requested user XXXXX is not whitelisted and has id 507,which is below the minimum allowed 1000

[1] https://community.hortonworks.com/articles/2439/linuxcontainerexecutor-security-best-practices.html
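
The check behind that error message can be run ahead of time against a node's /etc/passwd and container-executor.cfg. The sketch below is an added example, not part of the thread and not Hadoop's own code: it models the executor's user checks using the container-executor.cfg keys min.user.id, allowed.system.users and banned.users. The sample file contents are constructed (only hive's UID 982 and the minimum of 1000 come from the error message), and the fallback of 1000 and the order of the checks are assumptions.

```python
# Added example: model of the LinuxContainerExecutor user checks.
# Constructed sample data; only hive's UID 982 and the minimum of 1000
# come from the error message quoted in the thread.
SAMPLE_PASSWD = """\
hive:x:982:982:Hive:/home/hive:/bin/bash
ambari-qa:x:985:985::/home/ambari-qa:/bin/bash
hdfs:x:1001:1001:HDFS:/home/hdfs:/bin/bash
alice:x:1500:1500::/home/alice:/bin/bash
"""
SAMPLE_CFG = """\
yarn.nodemanager.linux-container-executor.group=hadoop
banned.users=hdfs,yarn,mapred,bin
min.user.id=1000
allowed.system.users=ambari-qa
"""


def parse_cfg(text):
    """Parse key=value lines of container-executor.cfg, skipping comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def parse_passwd(text):
    """Map user name -> numeric UID; malformed lines are ignored."""
    rows = (l.split(":") for l in text.splitlines())
    return {f[0]: int(f[2]) for f in rows if len(f) >= 3 and f[2].isdigit()}


def names(cfg, key):
    """Return a comma-separated config value as a set of names."""
    return {n.strip() for n in cfg.get(key, "").split(",") if n.strip()}


def rejected_users(passwd_text, cfg_text, candidates):
    """Return {user: reason} for each candidate the executor would refuse."""
    cfg, uids = parse_cfg(cfg_text), parse_passwd(passwd_text)
    min_uid = int(cfg.get("min.user.id", 1000))  # assumed fallback when unset
    allowed, banned = names(cfg, "allowed.system.users"), names(cfg, "banned.users")
    out = {}
    for user in candidates:
        uid = uids.get(user)
        if uid is None:
            out[user] = "no such user"
        elif uid < min_uid and user not in allowed:
            out[user] = f"not whitelisted, id {uid} below minimum {min_uid}"
        elif user in banned:
            out[user] = "banned"
    return out
```

On a real node, pass the contents of /etc/passwd and /etc/hadoop/conf/container-executor.cfg together with the service accounts that submit YARN jobs.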

Re: Hive user has id below 1000, when deploying kerberized cluster with CloudBreak 2.7

New Contributor

Hi @Jay Kumar SenSharma

Yes, I'm aware of those settings, and as I said (the link above also mentions this), I would like to avoid changing the default value. My question is more about why Cloudbreak 2.7 creates service principals with low IDs when I enable Kerberos?


Re: Hive user has id below 1000, when deploying kerberized cluster with CloudBreak 2.7

Cloudera Employee

Hi @Jakub Igla,

We're investigating this issue.

Could you share with us which Ambari blueprint you are using?

Cloudbreak doesn't manage these IDs and it seems they are generated randomly between a range.

I suggest trying cluster creation again; sometimes the hive user gets an ID higher than 1000.

Regards,

Adam