This is the documentation for Cloudera Manager 4.8.5.
Documentation for other versions is available at Cloudera Documentation.

Permission Requirements

The following sections describe the permission requirements for package-based installation and upgrades of CDH with and without Cloudera Manager. The permission requirements are not controlled by Cloudera but result from standard UNIX system requirements for the installation and management of packages and running services.

Permission Requirements for Package-Based CDH Installation with Cloudera Manager

  • Installation of Cloudera Manager (via cloudera-manager-installer.bin) requires root and/or sudo access on a single machine. Using another system (such as PowerBroker) that provides root/sudo privileges is acceptable.
  • Manual start/stop/restart of the Cloudera Manager Server (that is, logging on to the host running Cloudera Manager and executing: service cloudera-scm-server action) requires the use of root and/or sudo. Using another system (such as PowerBroker) that provides root/sudo privileges is acceptable.
  • A running instance of Cloudera Manager Server does not require root and/or sudo access, as the Server is run under the user cloudera-scm.
  • Installation of CDH components through Cloudera Manager requires the use of one of the following, as configured during the initial installation of Cloudera Manager:
    • Direct access to root user via the root password
    • Direct access to root user using an SSH key file
    • Passwordless sudo access for a specific user. This is the same requirement as the installation of CDH components on individual nodes, which is a requirement of the UNIX system in general.
    Using another system (such as PowerBroker) that provides root/sudo privileges is not acceptable.
  • Cloudera Manager uses a process called the Cloudera Manager Agent on each host that is being managed. This process is treated as a service and requires one of the following to be installed via Cloudera Manager, as configured during the initial installation of Cloudera Manager:
    • Direct access to root user via the root password
    • Direct access to root user using an SSH key file
    • Passwordless sudo access for a specific user. This is the same requirement as the installation of CDH components on individual nodes, which is a requirement of the UNIX system in general.
    Using another system (such as PowerBroker) that provides root/sudo privileges is not acceptable.
  • The Cloudera Manager Agent requires access to the root user account at runtime. The Agent obtains this access in one of three scenarios:
    • During Cloudera Manager and CDH installation on a given host, the Agent is automatically started upon a successful installation. It is then started via one of the following, as configured during the initial installation of Cloudera Manager:
      • Direct access to root user via the root password
      • Direct access to root user using an SSH key file
      • Passwordless sudo access for a specific user
      Using another system (such as PowerBroker) that provides root/sudo privileges is not acceptable.
    • Automatic startup by init during system boot
    • Manual start/stop/restart of the Agent process requires root and/or sudo access. This permission requirement is to ensure that services managed by the Cloudera Manager Agent on any given host assume the appropriate user (that is, the HDFS service assumes the hdfs user) for correct privileges. Using another system (such as PowerBroker) that provides root/sudo privileges is acceptable. Any action request for a CDH service managed within Cloudera Manager does not require root and/or sudo access, as the actions are handled by the Cloudera Manager Agent, which is already running under the root user.
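
Passwordless sudo for the install user is normally granted through a NOPASSWD rule in sudoers. The shell function below is an added example, not part of the Cloudera documentation: it lists the NOPASSWD rules in sudoers-format text so the grant can be confirmed as belonging to one named user and reviewed later. The user name cminstall and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Cloudera code. Lists sudoers rules that grant
# passwordless sudo so the installer's grant can be reviewed on each host.
# Input: sudoers-format text on stdin. Output: "<who> <scope>" per NOPASSWD
# rule; scope is ALL (any command) or LIMITED (an explicit command list).
# Included files (#include / #includedir) are not followed.
nopasswd_grants() {
    awk '
        # Join lines continued with a trailing backslash.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { $0 = buf $0; buf = "" }
        # Skip blank lines and comments, but keep "#<uid>" user entries.
        /^[ \t]*$/ || (/^[ \t]*#/ && !/^[ \t]*#[0-9]/) { next }
        # Skip Defaults settings and alias definitions.
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        /NOPASSWD:/ {
            cmds = $0
            sub(/^.*NOPASSWD:[ \t]*/, "", cmds)
            print $1, (cmds ~ /^ALL[ \t]*$/ ? "ALL" : "LIMITED")
        }
    '
}

# Constructed sample, not taken from a real host. "cminstall" is a
# hypothetical install user.
SAMPLE_SUDOERS='# constructed sample
Defaults    env_reset
User_Alias  OPS = alice, bob
root        ALL=(ALL) ALL
cminstall   ALL=(ALL) NOPASSWD: ALL
%wheel      ALL=(ALL) NOPASSWD: /sbin/service cloudera-scm-server start, \
                      /sbin/service cloudera-scm-server stop'

printf '%s\n' "$SAMPLE_SUDOERS" | nopasswd_grants
```

On a live host, run the function as root with /etc/sudoers and each file under /etc/sudoers.d as input.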

Permission Requirements for Package-Based CDH Installation without Cloudera Manager

  • Installation of CDH products requires root and/or sudo access for the installation of any RPM-based package during the time of installation and service startup/shutdown:
    • Passwordless SSH under the root user is not required for the installation (SSH root keys)
    • Using another system (such as PowerBroker) that provides root/sudo access is acceptable
  • Upgrading previously installed CDH packages requires root and/or sudo access to be completed:
    • Passwordless SSH under the root user is not required for the upgrade process (SSH root keys)
    • Using another system (such as PowerBroker) that provides root/sudo privileges is acceptable
  • Cloudera recommends passwordless SSH as root (SSH root keys) for simplicity of manually installing and/or upgrading nodes within a CDH-ready cluster for the following reasons:
    • Scripts can be created to assist in CDH package management across the cluster
    • Scripts can be created to assist in configuration management across the cluster
  • Any changes to the CDH package, including RPM upgrades, configuration changes that require CDH service restarts, or adding CDH services require the use of root and/or sudo access to restart any node impacted by this change, which could lead to a restart of a given service on each node in the cluster. Using another system (that is, PowerBroker) that provides root/sudo privileges is acceptable.
  • Start/stop/restart actions against a CDH service require the use of root and/or sudo per UNIX standards. Using another system (such as PowerBroker) that provides root/sudo privileges is acceptable.