Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Namenode logs access control

Labels:
avatar
author-rank garunkumar85
Expert Contributor

Created ‎01-29-2016 06:33 PM

How to restrict access to Name node logs for a particular users/groups?

1,594 Views
1 ACCEPTED SOLUTION

avatar
author-rank ArpitAgarwal author-rank
Guru

Created ‎01-29-2016 08:29 PM

Hi @AR, the '/logs' servlet is admin-only. There is no way to expose it to non-privileged users.

HDFS administrators are configured via dfs.cluster.administrators, although you obviously don't want to add arbitrary users to this list just to get logs servlet access.

View solution in original post

1,433 Views
5 REPLIES 5

avatar
author-rank nsabharwal
Master Mentor

Created ‎01-29-2016 06:35 PM

@AR That will based on your POSIX access level. Chmod and Chown

Make sure users are not part of hdfs/hadoop group.

Don't let users login to Master nodes. Restrict access to edge nodes only

1,433 Views
0 Kudos

avatar
author-rank garunkumar85
Expert Contributor

Created ‎01-29-2016 07:34 PM

@Neeraj Sabharwal Thank you for your response. But what if we need to allow users to view the logs (read only) through Ambari only not even edge node access.

just this url access

http://domainame:50070/logs/

1,433 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎01-29-2016 07:39 PM

@AR see this

http://hortonworks.com/blog/hadoop-groupmapping-ldap-integration/

1,433 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎01-29-2016 07:41 PM

@AR

See this

Hint : it may not be exact solution

http://hortonworks.com/blog/hadoop-groupmapping-ldap-integration/

1,433 Views
0 Kudos

avatar
author-rank ArpitAgarwal author-rank
Guru

Created ‎01-29-2016 08:29 PM

Hi @AR, the '/logs' servlet is admin-only. There is no way to expose it to non-privileged users.

HDFS administrators are configured via dfs.cluster.administrators, although you obviously don't want to add arbitrary users to this list just to get logs servlet access.

1,434 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements