Support Questions

Find answers, ask questions, and share your expertise

Is extra sudoers configuration required for running HDF services in an HDP Ambari cluster?

I have an Ambari with HDP cluster setup.I run ambari and ambari-agent with non-root users. I added HDF mpack onto it and started with installing NiFi service. NiFi installation failed with the following error:

resource_management.core.exceptions.ExecutionFailed: Execution of 'touch /var/log/nifi/nifi-setup.log' returned 1. Sorry, user ambari is not allowed to execute '/bin/su nifi -l -s /bin/bash -c export  PATH='/usr/sbin:/sbin:/usr/lib/ambari-server/*:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/ambari/bin:/var/lib/ambari-agent' ; touch /var/log/nifi/nifi-setup.log' as root on

After adding /bin/su nifi * to sudoers list, NiFi installation finished successfully.

Similarly, an error occurred in NiFi service check action:

raise Fail("Call to admin-toolkit encountered error: {0}".format(out)

resource_management.core.exceptions.Fail: Call to admin-toolkit encountered error: Sorry, user ambari is not allowed to execute '/var/lib/ambari-agent/cache/common-services/NIFI/1.0.0/package/files/nifi-toolkit- -d /usr/hdf/current/nifi -b /usr/hdf/current/nifi/conf/bootstrap.conf -o status -u'
 as root on

So do we have any consolidated list of sudoers configuration that are required for installing HDF services?



Super Mentor

@Saloni Udani

Are you sure that you have configured the ambari agent to run as Non-Root user by following the docs instructions as mentioned in :





Please notice that the "/bin/touch" command is included in your sudoer command or not as mentioned in link1? We see error as:

Execution of 'touch /var/log/nifi/nifi-setup.log' returned 1. Sorry, user ambari is not allowed to execute


# Ambari: Core System Commands
ambari ALL=(ALL) NOPASSWD:SETENV: /usr/bin/yum,/usr/bin/zypper,/usr/bin/apt-get, /bin/mkdir, /usr/bin/test, /bin/ln, /bin/ls, /bin/chown, /bin/chmod, /bin/chgrp, /bin/cp, /usr/sbin/setenforce, /usr/bin/test, /usr/bin/stat, /bin/mv, /bin/sed, /bin/rm, /bin/kill, /bin/readlink, /usr/bin/pgrep, /bin/cat, /usr/bin/unzip, /bin/tar, /usr/bin/tee, /bin/touch, /usr/bin/mysql, /sbin/service mysqld *, /usr/bin/dpkg *, /bin/rpm *, /usr/sbin/hst *, /sbin/service rpcbind *, /sbin/service portmap *


@Jay Kumar SenSharma

Yes, I have followed the same document link for setting up non-root ambari agent.

Super Mentor

@Saloni Udani

Using the non root user (which is running the ambari agent) are you able to create the file manually using command line ?

# touch /var/log/nifi/nifi-setup.log


@Jay Kumar SenSharma

[ambari@c6805 ~]$ sudo touch /var/log/nifi/nifi-setup.log

I am able to successfully run this command.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.