During the installation, application development team said is necessary have 21 different services accounts for each component
i asked them why and this is their answer :
"Within the Hadoop ecosystem having various components, and jobs running/originating out of those components, it is best practice to use service accounts specific to that component, for the benefit of auditing the job executions and troubleshooting as well"
So i was wondering about to know your point of view about this, it is necessary create those 21 services accounts ? If so, could you please bring to me a technical reason about why?
There is any problem using the same account for all? The cluster will be tightly secured. What is the best practice?
@Selene Have each account for each service is more secure because each account have it's own unix groups and privileges. Think of this way if one account got issue, complete ecosystem will in problem and secondly account id's like hdfs, yarn have there own privileges of permissions to execute few commands which can't be shared.
Think of today's modernized applications how each of them are running as macro services.
Technically speaking we can do it but you need to rewrite alot of code if you prefer to do. My suggestion go with service account.