This is the documentation for Cloudera Manager 5.1.x.
Documentation for other versions is available at Cloudera Documentation.

Permission Requirements

The following sections describe the permission requirements for package-based installation and upgrades of CDH with and without Cloudera Manager. The permission requirements are not controlled by Cloudera but result from standard UNIX system requirements for the installation and management of packages and running services.

Permission Requirements for Package-Based CDH Installation with Cloudera Manager

  Important: Unless otherwise noted, when root and/or sudo access is required, using another system (such as PowerBroker) that provides root/sudo privileges is acceptable.
  • Installation of Cloudera Manager (via cloudera-manager-installer.bin) requires root and/or sudo access on a single host.
  • Manual start/stop/restart of the Cloudera Manager Server (that is, logging onto the host running Cloudera Manager and executing: service cloudera-scm-server action) requires the use of root and/or sudo.
  • A running instance of Cloudera Manager Server does not require root and/or sudo access, as the Server is run under the user cloudera-scm
  • Installation of CDH components through Cloudera Manager requires the use of one of the following, as configured during the initial installation of Cloudera Manager:
    • Direct access to root user via the root password.
    • Direct access to root user using a SSH key file.
    • Passwordless sudo access for a specific user. This is the same requirement as the installation of CDH components on individual hosts, which is a requirement of the UNIX system in general.
    Using another system (such as PowerBroker) that provides root/sudo privileges is not acceptable.
  • Cloudera Manager uses a process called the Cloudera Manager Agent on each host that is being managed. Installation of the Cloudera Manager Agent through Cloudera Manager requires the use of one of the following, as configured during the initial installation of Cloudera Manager:
    • Direct access to root user via the root password.
    • Direct access to root user using a SSH key file.
    • Passwordless sudo access for a specific user. This is the same requirement as the installation of CDH components on individual hosts, which is a requirement of the UNIX system in general.
    Using another system (such as PowerBroker) that provides root/sudo privileges is not acceptable.
  • The Cloudera Manager Agent requires access to the root user account at runtime. This is achieved via three scenarios:
    • During Cloudera Manager and CDH installation on a given host, the Agent is automatically started upon a successful installation. It is then started via one of the following, as configured during the initial installation of Cloudera Manager:
      • Direct access to root user via the root password
      • Direct access to root user using a SSH key file
      • Passwordless sudo access for a specific user
      Using another system (such as PowerBroker) that provides root/sudo privileges is not acceptable.
    • Via automatic startup during system boot, via init.
    • Manual start/stop/restart of the Agent process requires root and/or sudo access. This permission requirement is to ensure that services managed by the Cloudera Manager Agent on any given host assume the appropriate user (that is, the HDFS service assumes the hdfs user) for correct privileges. Any action request for a CDH service managed within Cloudera Manager does not require root and/or sudo access, as the action(s) are handled by the Cloudera Manager Agent which is already running under the root user.

Permission Requirements for Package-Based CDH Installation without Cloudera Manager

  • Installation of CDH products requires root and/or sudo access for the installation of any RPM based package during the time of installation and service startup/shut down:
    • Passwordless SSH under the root user is not required for the installation (SSH root keys)
  • Upgrading previously installed CDH packages requires root and/or sudo access to be completed:
    • Passwordless SSH under the root user is not required for the upgrade process (SSH root keys)
  • Cloudera recommends passwordless SSH as root (SSH root keys) for simplicity of manually installing and/or upgrading hosts within a CDH ready cluster for the following reasons:
    • Scripts can be created to assist in CDH package management across the cluster
    • Scripts can be created to assist in configuration management across the cluster
  • Any changes to the CDH package, including RPM upgrades, configuration changes that require CDH service restarts, or adding CDH services require the use of root and/or sudo access to restart any host impacted by this change, which could lead to a restart of a given service on each host in the cluster.
  • Start/stop/restart actions against a CDH service require the use of root and/or sudo per UNIX standards.