Running Unravel daemons with a custom user
Unravel Server daemons run as a local user unravel by default. You might want to run as a different user, for example:
Run as
hdfsormaprbecause this user has access to log files needed by Unravel on a non-Kerberos cluster with simple Unix security.Run as a customized service account with a name aligned with your local policies.
The "run-as" user should match the user you targeted for
setfaclcommands done during installation on a Kerberos-enabled cluster.
Use the procedure below to change which user Unravel utilizes. This change only needs to be done once; it will be preserved by RPM upgrades.
Procedure to switch user
Run the following command to switch running Unravel daemons to
userand withgroup. Replace both with valid names, without the curly braces; see the scenarios below.sudo /usr/local/unravel/install_bin/switch_to_user.sh
usergroupScenario
USER
GROUP
MapR installation
maprmaprCDH or HDP with simple Linux security
hdfshadooporhdfsKerberos enabled on CDH/HDP and Sentry/Ranger/setfacl access already enabled for custom local user "foo" in group "foo".
foofooKerberos enabled on CDH/HDP and Sentry/Ranger/setfacl access already enabled for local user "hdfs" in group "hadoop".
hdfshadoopStart Unravel daemons.
sudo /etc/init.d/unravel_all.sh start
Effect
The effect of the switch_to_user.sh is:
/etc/unravel_ctldefines environment variablesRUN_ASandUSE_GROUP.HDFS_KEYTAB_PATHandHDFS_KERBEROS_PRINCIPALenvironment variables are removed from/usr/local/unravel/etc/unravel.ext.sh./usr/local/unravel/and/srv/unravel/*are recursively set to ownershipRUN_AS:USE_GROUP./srv/unravel/tmp_hdfs/directory is removed (no longer needed).Log files in
/srv/unravel/log_hdfsare moved to/usr/local/unravel/logs./srv/unravel/log_hdfsdirectory is removed (no longer needed).The
umaskof therun-asdaemon can now be more restrictive than 022; it can be 007 or 077.The permission (
chmod) bits of/usr/local/unraveland/srv/unravelcan remove Group and Other visibility if desired.