-Re: Accumulo software and processes owner
Josh Elser 2013-04-26, 21:13
One extra point, you definitely do *not* want to run Accumulo as the linux
root user. :)
As Adam pointed out, there are definitely some advantages to having a
singular user which runs all of the Accumulo processes. Accumulo, however,
doesn't really care which user its run as, so that's probably why the user
manual doesn't state anything. We could probably add in a note to recommend
a default of "accumulo".
On Fri, Apr 26, 2013 at 4:53 PM, Adam Fuchs <[EMAIL PROTECTED]> wrote:
> To properly secure you Accumulo install it's important that the shared
> secret in the Accumulo configs only be shared with the Accumulo processes,
> so I would recommend using a separate accumulo user.
> In HDFS you can create the directory that Accumulo writes to (/accumulo by
> default) and then chown it to accumulo. That ought to get you started. If
> trash is enabled in HDFS (fs.trash.interval set to something other than 0,
> I believe) then you may also have to create the accumulo home directory in
> hdfs and chown that as well.
> On Apr 26, 2013 4:36 PM, "Terry P." <[EMAIL PROTECTED]> wrote:
>> I just finished setting up an 8-node cluster using Cloudera CDH3u5 and
>> Accumulo 1.4.2. The Cloudera rpm installations created the hdfs Linux user
>> and hadoop group (and others). I initially created an accumulo Linux user
>> and set it as the owner of the Accumulo software.
>> However, after HDFS was up and running, when I attempted to start
>> Accumulo as the accumulo Linux user, I of course got HDFS permission denied
>> when it tried to write to HDFS. Being a newbie, I didn't bother figuring
>> out how to grant HDFS permissions to the accumulo account, I just started
>> Accumulo as the hdfs user so I could get things rolling.
>> As what user does one normally start Accumulo? hdfs? Linux root? The
>> Accumulo User Manual never recommends anything about who the Accumulo
>> binaries should be owned by or what account it should be run under (e.g.
>> root, or an accumulo Linux account).
>> Thanks in advance,