This is the documentation for Cloudera 5.2.x.
Documentation for other versions is available at Cloudera Documentation.

Permission Requirements

The following sections describe the permission requirements for package-based installation and upgrades of CDH with and without Cloudera Manager. The permission requirements are not controlled by Cloudera but result from standard UNIX system requirements for the installation and management of packages and running services.

Permission Requirements for Package-Based CDH Installation with Cloudera Manager

  Important: Unless otherwise noted, when root and/or sudo access is required, using another system (such as PowerBroker) that provides root/sudo privileges is acceptable.
Table 1. Permission Requirements with Cloudera Manager
Task Permissions Required
Install Cloudera Manager (via cloudera-manager-installer.bin) root and/or sudo access on a single host
Manually start/stop/restart the Cloudera Manager Server (that is, log onto the host running Cloudera Manager and execute: service cloudera-scm-server action) root and/or sudo
Run Cloudera Manager Server. cloudera-scm
Install CDH components through Cloudera Manager. One of the following, configured during initial installation of Cloudera Manager:
  • Direct access to root user via the root password.
  • Direct access to root user using a SSH key file.
  • Passwordless sudo access for a specific user. This is the same requirement as the installation of CDH components on individual hosts, which is a requirement of the UNIX system in general.
You cannot use another system (such as PowerBroker) that provides root/sudo privileges.
Install the Cloudera Manager Agent through Cloudera Manager. One of the following, configured during initial installation of Cloudera Manager:
  • Direct access to root user via the root password.
  • Direct access to root user using a SSH key file.
  • Passwordless sudo access for a specific user. This is the same requirement as the installation of CDH components on individual hosts, which is a requirement of the UNIX system in general.
You cannot use another system (such as PowerBroker) that provides root/sudo privileges.
Run the Cloudera Manager Agent. Access to the root account during runtime, through one of the following scenarios:
  • During Cloudera Manager and CDH installation, the Agent is automatically started if installation is successful. It is then started via one of the following, as configured during the initial installation of Cloudera Manager:
    • Direct access to root user via the root password
    • Direct access to root user using a SSH key file
    • Passwordless sudo access for a specific user
    Using another system (such as PowerBroker) that provides root/sudo privileges is not acceptable.
  • Through automatic startup during system boot, via init.
Manually start/stop/restart the Cloudera Manager Agent process. root and/or sudo access.

This permission requirement ensures that services managed by the Cloudera Manager Agent assume the appropriate user (that is, the HDFS service assumes the hdfs user) for correct privileges. Any action request for a CDH service managed within Cloudera Manager does not require root and/or sudo access, because the action is handled by the Cloudera Manager Agent, which is already running under the root user.

Permission Requirements for Package-Based CDH Installation without Cloudera Manager

Table 2. Permission Requirements without Cloudera Manager
Task Permissions Required
Install CDH products. root and/or sudo access for the installation of any RPM-based package during the time of installation and service startup/shut down. Passwordless SSH under the root user is not required for the installation (SSH root keys).
Upgrade a previously installed CDH package. root and/or sudo access. Passwordless SSH under the root user is not required for the upgrade process (SSH root keys).
Manually install or upgrade hosts in a CDH ready cluster. Passwordless SSH as root (SSH root keys), so that scripts can be used to help manage the CDH package and configuration across the cluster.
Change the CDH package (for example: RPM upgrades, configuration changes the require CDH service restarts, addition of CDH services). root and/or sudo access to restart any host impacted by this change, which could cause a restart of a given service on each host in the cluster.
Start/stop/restart a CDH service. root and/or sudo according to UNIX standards.