Required Privileges for Package-based Installations of CDH

The following sections describe the user privilege requirements for package-based installation of CDH with Cloudera Manager. These requirements are standard UNIX system requirements for installing and managing packages and services.

Required Privileges

Required Privileges for Package-Based CDH Installation
Task Permissions Required
Install Cloudera Manager Server root or sudo access to the host on which you are installing Cloudera Manager Server.
Start, stop, or restart Cloudera Manager Server using the service or systemctl utilities root or sudo access to the Cloudera Manager Server host. The service runs as the cloudera-scm user by default.
Install CDH components using Cloudera Manager One of the following, configured during initial installation of Cloudera Manager:
  • Access to the root user account using a password or SSH key file.
  • Passwordless sudo access for a specific user.
For this task, using another system (such as PowerBroker) that provides root or sudo access is not supported.
Install Cloudera Manager Agent using Cloudera Manager One of the following, configured during initial installation of Cloudera Manager:
  • Access to the root user account using a password or SSH key file.
  • Passwordless sudo access for a specific user.
For this task, using another system (such as PowerBroker) that provides root or sudo access is not supported.
Automatically start Cloudera Manager Agent process Access to the root user account during runtime, through one of the following scenarios:
  • During Cloudera Manager and CDH installation, the Agent is automatically started if installation is successful. It is then started using one of the following, as configured during the initial installation of Cloudera Manager:
    • Access to the root user account using a password or SSH key file.
    • Passwordless sudo access for a specific user.
    For this task, using another system (such as PowerBroker) that provides root or sudo access is not supported.
  • Through automatic startup during system boot, using init.
Manually start, stop, or restart Cloudera Manager Agent process root or sudo access.

This permission requirement ensures that services managed by the Cloudera Manager Agent can run as the appropriate user (such as the hdfs user for the HDFS service). Running commands within Cloudera Manager on a CDH service does not require root or sudo access, because the action is handled by the Cloudera Manager Agent, which is already running as the root user.

sudo Commands Run by Cloudera Manager

If you want to configure specific sudo access for the Cloudera Manager user (cloudera-scm by default), you can use the following list to do so.

The sudo commands run by Cloudera Manager are:
  • yum (RHEL/CentOS/Oracle)
  • zypper (SLES)
  • apt-get (Ubuntu)
  • apt-key (Ubuntu)
  • sed
  • service
  • /sbin/chkconfig (RHEL/CentOS/Oracle)
  • /usr/sbin/update-rc.d (Ubuntu)
  • id
  • rm
  • mv
  • chown
  • install