Configure Ambari Server for Non-Root
You can configure the Ambari Server to run as a non-root user.
During the ambari-server setup process, when
Customize user account for ambari-server daemon?, choose
- When prompted, enter the appropriate, non-root user to run the Ambari Server as; for example: ambari.
The non-root functionality relies on sudo to run specific commands that require
elevated privileges as defined in the Sudoer configuration. Each of the substeps
include the specific sudo entries that you should place in
/etc/sudoersby running the
Enter the the specific commands that must be issued for standard server
# Ambari Commands ambari ALL=(ALL) NOPASSWD:SETENV: /bin/mkdir -p /etc/security/keytabs, /bin/chmod * /etc/security/keytabs/*.keytab, /bin/chown * /etc/security/keytabs/*.keytab, /bin/chgrp * /etc/security/keytabs/*.keytab, /bin/rm -f /etc/security/keytabs/*.keytab, /bin/cp -p -f /var/lib/ambari-server/data/tmp/* /etc/security/keytabs/*.keytab
Some versions of sudo have a default configuration that prevents sudo
from being invoked from a non-interactive shell. In order for the agent
to run it's commands non-interactively, some defaults need to be
Defaults exempt_group = ambari Defaults !env_reset,env_delete-=PATH Defaults: ambari !requiretty
- Enter the the specific commands that must be issued for standard server operations: