Support Questions

amol_08 · ‎09-19-2017

yarn-resourcemanager.zk-acl its value is "world:anyone:rwcda" which is default one, but i just want to understand what these terms are in value like world, anyone, rwcda

ssubhas · ‎09-19-2017

@Anurag Mishra

world:anyone means the permissions apply to all users trying to connecting to Zookeeper.

The permissions string consists of one or more of the following characters: r (read), w (write), c (create), d (delete), and a (admin).

amol_08 · ‎09-19-2017

i want to give permission to admin only what has to be done ?

amol_08 · ‎09-19-2017

@Jay SenSharma pls have a look

jsensharma · ‎09-19-2017

@Anurag Mishra

I see that @Sindhu explained correctly about the meaning of this properly.

Why do you want to set the property to "admin" ?

"yarn.resourcemanager.zk-acl" ACLs to be used for setting permissions on ZooKeeper znodes. The default value is world:anyone:rwcda.

Why do you want to set the Zookeeper Nodes permission to admin?

.

amol_08 · ‎09-19-2017

i want to disable resource manager ui to all non admin users,

amol_08 · ‎09-19-2017

@Jay SenSharma can you suggest something by which i can disable resource manager ui to all users except admin.

yarn ->quick links -> resource manager ui

when user clicks on resource manager ui it should not work

jsensharma · ‎09-19-2017

@Anurag Mishra

By default, access to the HTTP-based services and UI’s for the cluster are not configured to require authentication. Kerberos authentication can be configured for the Web UIs for HDFS, YARN, MapReduce2, HBase, Oozie, Falcon and Storm.

.

So if you want any kind of Authentication for your UIs (ResourceManager UI) then you can try the "SPNEGO" Approach:

https://docs.hortonworks.com/HDPDocuments/Ambari-2.5.2.0/bk_ambari-security/content/configuring_http...

amol_08 · ‎09-19-2017

@Jay SenSharma if cluster does not support KB , is there any other way to achieve same ?

Support Questions

yarn-resourcemanager.zk-acl property