Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Root user not showing up on Ranger

Solved Go to solution

Root user not showing up on Ranger

New Contributor

Why isn't the root user showing up on ranger?

I intend to give permission to the root user on Hbase but I'm getting the following error:

 

 

hbase(main):001:0> grant 'root','RWXCA'

ERROR: org.apache.hadoop.hbase.coprocessor.CoprocessorException: HTTP 400 Error: root is Not Found
        at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.grant(RangerAuthorizationCoprocessor.java:1261)
        at org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor.grant(RangerAuthorizationCoprocessor.java:1072)
        at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService$1.grant(AccessControlProtos.java:10023)
        at org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos$AccessControlService.callMethod(AccessControlProtos.java:10187)
        at org.apache.hadoop.hbase.regionserver.HRegion.execService(HRegion.java:8065)
        at org.apache.hadoop.hbase.regionserver.RSRpcServices.execServiceOnRegion(RSRpcServices.java:2426)
        at org.apache.hadoop.hbase.regionserver.RSRpcServices.execService(RSRpcServices.java:2408)
        at org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:42010)
        at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:413)
        at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:131)
        at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:324)
        at org.apache.hadoop.hbase.ipc.RpcExecutor$Handler.run(RpcExecutor.java:304)

 

 

I assume this is because ranger does not recognize the unix root user. But why? Is there a workaround?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Root user not showing up on Ranger

Mentor

@marcusvmc 
ROOT use is not a normal HDP user but an OS superuser used to escalate privileges to do some changes on the host level.

The hbase super user is hbase just like hdfs Ranger reads the /etc/passwd and /etc/group and ONLY loads (syncs) users /groups whos id is > 500 

If you want to trick Ranger to sync root who's id is root:x:0:0:root:/root:/bin/bash then you have to tweak the minimum user ID below

Procedure

  1. Configure Ranger user sync for UNIX:
    1. On the Ranger Customize Services page, select the Ranger User Info tab.
    2. Click Yes under Enable User Sync.
    3. Use the Sync Source drop-down to select UNIX, then set the following properties:
      Table 1. UNIX user sync propertiesProperty Description Default value
      Minimum user IDOnly sync users above this user ID.500
      Password fileThe location of the password file on the Linux server.

      /etc/passwd

      Group fileThe location of the groups file on the Linux server.

      /etc/group

Question:

Why would you want root user rights managed by Ranger? Use sudo if you want to impersonate root

I hope that helps !!

 

 

2 REPLIES 2
Highlighted

Re: Root user not showing up on Ranger

Mentor

@marcusvmc 
ROOT use is not a normal HDP user but an OS superuser used to escalate privileges to do some changes on the host level.

The hbase super user is hbase just like hdfs Ranger reads the /etc/passwd and /etc/group and ONLY loads (syncs) users /groups whos id is > 500 

If you want to trick Ranger to sync root who's id is root:x:0:0:root:/root:/bin/bash then you have to tweak the minimum user ID below

Procedure

  1. Configure Ranger user sync for UNIX:
    1. On the Ranger Customize Services page, select the Ranger User Info tab.
    2. Click Yes under Enable User Sync.
    3. Use the Sync Source drop-down to select UNIX, then set the following properties:
      Table 1. UNIX user sync propertiesProperty Description Default value
      Minimum user IDOnly sync users above this user ID.500
      Password fileThe location of the password file on the Linux server.

      /etc/passwd

      Group fileThe location of the groups file on the Linux server.

      /etc/group

Question:

Why would you want root user rights managed by Ranger? Use sudo if you want to impersonate root

I hope that helps !!

 

 

Re: Root user not showing up on Ranger

New Contributor

I'm in a test environment and it would really help if I'm already logged in as root to do everything I need, including accessing Hbase.

I performed the changes and everything works perfectly! Thanks!