Required Privileges for Package-based Installations of CDH
The following sections describe the user privilege requirements for package-based installation of CDH with Cloudera Manager. These requirements are standard UNIX system requirements for installing and managing packages and services.
Required Privileges
| Task | Permissions Required |
|---|---|
| Install Cloudera Manager Server | root or sudo access to the host on which you are installing Cloudera Manager Server. |
| Start, stop, or restart Cloudera Manager Server using the service or systemctl utilities | root or sudo access to the Cloudera Manager Server host. The service runs as the cloudera-scm user by default. |
| Install CDH components using Cloudera Manager | One of the following, configured during initial installation of Cloudera Manager:
|
| Install Cloudera Manager Agent using Cloudera Manager | One of the following, configured during initial installation of Cloudera Manager:
|
| Automatically start Cloudera Manager Agent process | Access to the root user account during runtime, through one of the following scenarios:
|
| Manually start, stop, or restart Cloudera Manager Agent process | root or sudo access.
This permission requirement ensures that services managed by the Cloudera Manager Agent can run as the appropriate user (such as the hdfs user for the HDFS service). Running commands within Cloudera Manager on a CDH service does not require root or sudo access, because the action is handled by the Cloudera Manager Agent, which is already running as the root user. |
sudo Commands Run by Cloudera Manager
If you want to configure specific sudo access for the Cloudera Manager user (cloudera-scm by default), you can use the following list to do so.
The sudo commands run by Cloudera Manager are:
- yum (RHEL/CentOS/Oracle)
- zypper (SLES)
- apt-get (Ubuntu)
- apt-key (Ubuntu)
- sed
- service
- /sbin/chkconfig (RHEL/CentOS/Oracle)
- /usr/sbin/update-rc.d (Ubuntu)
- id
- rm
- mv
- chown
- install