ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nick Dimiduk (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-10872) Phoenix QS should run as a different user, with different keytabs/principal than HBase
Date Mon, 04 May 2015 17:08:06 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-10872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Nick Dimiduk updated AMBARI-10872:
----------------------------------
    Attachment: 10872.patch

Parking a patch here for now. Probably doesn't work because of user permissions in things
like the log and pid dirs.

> Phoenix QS should run as a different user, with different keytabs/principal than HBase
> --------------------------------------------------------------------------------------
>
>                 Key: AMBARI-10872
>                 URL: https://issues.apache.org/jira/browse/AMBARI-10872
>             Project: Ambari
>          Issue Type: Bug
>          Components: stacks
>            Reporter: Nick Dimiduk
>         Attachments: 10872.patch
>
>
> HBase processes run as 'hbase' user, which is effectively a super-user for HBase. Running
the PQS as this user is quite a wide exposure, especially on an otherwise secured cluster.
PQS does not yet have the ability to act on an authenticated users' behalf. In the mean time,
we should allow the PQS to run as a non-root user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message