Support Questions

Find answers, ask questions, and share your expertise

ambari-agent as a non root user

New Contributor

I proceeded with the document.

ambari-server: non-root-account: start

ambari-agent: non-root-account: start

Here, using cluster install wizard on ambari-server, Complete kafka install

At the time of the last check ambari-agent is restarted with root privilege,

kafka is root privilege.

I would like to report that ambari-agent and kafka are non-root-account.

Where should I check.


Expert Contributor

@mo mo

Is this the guide you have followed?

Have you changed the run_as_user?

Hi @mo mo!

I'm not sure if i get you right, but:

  • Use ps -ef | grep -i kafka or ps -ef | grep -i ambari-agent at the respectively machines (which has the component installed) to check who's owning this process at linux
  • Go to Ambari UI > Admin (tab) > Service Accounts > Table with each service=service account
  • Use id <non-root-account> to check its groups, if belongs to root group and so on

Hope this helps!

New Contributor

thanks @Vinicius Higa Murakami

Checking with ps -ef confirms that it is running as a kafka user. But I do not know why the ambari-agent restarts as root .

I proceeded with this document.

  • ambari-server
ambari]$sudo vi /etc/ambari-server/conf/ 
ambari]$ ambari-server status
	Using python  /usr/bin/python
	Ambari-server status
	Ambari Server running
	Found Ambari Server PID: 5862 at: /var/run/ambari-server/
ambari]$ ps -axu | grep 5864
	ambari     5862  4.7  2.0 12123220 662272 pts/0 Sl   14:19   4:40 /usr/jdk64/jdk1.8.0_112/bin/java -server -XX:NewRatio=3 -XX:+UseConcMarkSweepGC -XX:-UseGCOverheadLimit -XX:CMSInitiatingOccupancyFraction=60 -XX:+CMSClassUnloadingEnabled -Xms512m -Xmx2048m -XX:MaxPermSize=128m -cp /etc/ambari-server/conf:/usr/lib/ambari-server/*:/usr/share/java/mysql-connector-java-6.0.6.jar:/usr/share/java/mysql-connector-java.jar org.apache.ambari.server.controller.AmbariServer

  • server ambari-agent (user= ambari)
ambari]$ sudo vi /etc/ambari-agent/conf/ambari-agent.ini

ambari]$  ambari-agent status
	Found ambari-agent PID: 7758
	ambari-agent running.
	Agent PID at: /run/ambari-agent/
	Agent out at: /var/log/ambari-agent/ambari-agent.out
	Agent log at: /var/log/ambari-agent/ambari-agent.log

ambari]$ ps -axu | grep 7758
	ambari     7758  0.8  0.0 1980336 28208 pts/0   Sl   15:05   0:28 /usr/bin/python /usr/lib/ambari-agent/lib/ambari_agent/ start

  • confirm Hosts install - > resource -> succ
  • ambari-agent (user= root) ???? why ambari agent restart??
ambari]$ sudo vi /etc/ambari-agent/conf/ambari-agent.ini

ambari]$ ambari-agent status
	Found ambari-agent PID: 9758
	ambari-agent running.
	Agent PID at: /run/ambari-agent/
	Agent out at: /var/log/ambari-agent/ambari-agent.out
	Agent log at: /var/log/ambari-agent/ambari-agent.log

ambari]$ ps -axu | grep 9758
	root     7758  0.8  0.0 1980336 28208 pts/0   Sl   15:05   0:28 /usr/bin/python /usr/lib/ambari-agent/lib/ambari_agent/ start
ambair]$sudo visudo
ambari ALL=(ALL) NOPASSWD:SETENV: /bin/su hdfs *,/bin/su ambari-qa *,/bin/su ranger *,/bin/su zookeeper *,/bin/su knox *,/bin/su falcon *,/bin/su ams *, /bin/su flume *,/bin/su hbase *,/bin/su spark *,/bin/su accumulo *,/bin/su hive *,/bin/su hcat *,/bin/su kafka *,/bin/su mapred *,/bin/su oozie *,/bin/su sqoop *,/bin/su storm *,/bin/su tez *,/bin/su atlas *,/bin/su yarn *,/bin/su kms *,/bin/su activity_analyzer *,/bin/su livy *,/bin/su zeppelin *,/bin/su infra-solr *,/bin/su logsearch *,/bin/su druid *,/bin/su superset *,/usr/bin/yum,/usr/bin/zypper,/usr/bin/apt-get, /bin/mkdir, /usr/bin/test, /bin/ln, /bin/ls, /bin/chown, /bin/chmod, /bin/chgrp, /bin/cp, /usr/sbin/setenforce, /usr/bin/test, /usr/bin/stat, /bin/mv, /bin/sed, /bin/rm, /bin/kill, /bin/readlink, /usr/bin/pgrep, /bin/cat, /usr/bin/unzip, /bin/tar, /usr/bin/tee, /bin/touch, /usr/bin/mysql, /sbin/service mysqld *, /usr/bin/dpkg *, /bin/rpm *, /usr/sbin/hst *, /sbin/service rpcbind *, /sbin/service portmap *,/usr/bin/hdp-select, /usr/bin/conf-select, /usr/hdp/current/hadoop-client/sbin/, /usr/lib/hadoop/bin/, /usr/lib/hadoop/sbin/, /usr/bin/ambari-python-wrap *,/usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/useradd, /usr/sbin/usermod,/usr/bin/python2.6 /var/lib/ambari-agent/data/tmp/ *, /usr/hdp/current/knox-server/bin/,/usr/hdp/*/ranger-usersync/, /usr/bin/ranger-usersync-stop, /usr/bin/ranger-usersync-start, /usr/hdp/*/ranger-admin/ *, /usr/hdp/*/ranger-knox-plugin/ *, /usr/hdp/*/ranger-storm-plugin/ *, /usr/hdp/*/ranger-hbase-plugin/ *, /usr/hdp/*/ranger-hdfs-plugin/ *, /usr/hdp/current/ranger-admin/, /usr/hdp/current/ranger-kms/, /usr/hdp/*/ranger-*/,/usr/lib/ambari-infra-solr/bin/solr *, /usr/lib/ambari-logsearch-logfeeder/ *, /usr/sbin/ambari-metrics-grafana *, /usr/lib/ambari-infra-solr-client/ *,/var/lib/ambari-agent/tmp/, /usr/bin/python /var/lib/ambari-agent/tmp/setupAgent*.py, /usr/bin/python

Add in response to " Sorry, user ambari is not allowed to execute '/var/lib/ambari-agent/tmp/' as root on dev-xxx."

add the following to visudo /var/lib/ambari-agent/tmp/, /usr/bin/python /var/lib/ambari-agent/tmp/setupAgent*.py, /usr/bin/python

Super Mentor

@mo mo

One python script internally invokes various other os utilities and commands so in otder to run ambari agent as non root user you will have to follow the list of commands that are mentioned in the following docs as it is: