Support Questions

garunkumar85 · ‎01-29-2016

How to restrict access to Name node logs for a particular users/groups?

ArpitAgarwal · ‎01-29-2016

Hi @AR, the '/logs' servlet is admin-only. There is no way to expose it to non-privileged users.

HDFS administrators are configured via dfs.cluster.administrators, although you obviously don't want to add arbitrary users to this list just to get logs servlet access.

View solution in original post

nsabharwal · ‎01-29-2016

@AR That will based on your POSIX access level. Chmod and Chown

Make sure users are not part of hdfs/hadoop group.

Don't let users login to Master nodes. Restrict access to edge nodes only

garunkumar85 · ‎01-29-2016

@Neeraj Sabharwal Thank you for your response. But what if we need to allow users to view the logs (read only) through Ambari only not even edge node access.

just this url access

http://domainame:50070/logs/

nsabharwal · ‎01-29-2016

@AR see this

http://hortonworks.com/blog/hadoop-groupmapping-ldap-integration/

nsabharwal · ‎01-29-2016

@AR

See this

Hint : it may not be exact solution

http://hortonworks.com/blog/hadoop-groupmapping-ldap-integration/

ArpitAgarwal · ‎01-29-2016

Hi @AR, the '/logs' servlet is admin-only. There is no way to expose it to non-privileged users.

HDFS administrators are configured via dfs.cluster.administrators, although you obviously don't want to add arbitrary users to this list just to get logs servlet access.

Cloudera Community

Support Questions

Namenode logs access control