You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Nick Dimiduk (JIRA)" <ji...@apache.org> on 2015/04/30 22:32:06 UTC

[jira] [Commented] (AMBARI-10872) Phoenix QS should run as a different user, with different keytabs/principal than HBase

    [ https://issues.apache.org/jira/browse/AMBARI-10872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14522202#comment-14522202 ] 

Nick Dimiduk commented on AMBARI-10872:
---------------------------------------

This about sum it up [~devaraj]?

> Phoenix QS should run as a different user, with different keytabs/principal than HBase
> --------------------------------------------------------------------------------------
>
>                 Key: AMBARI-10872
>                 URL: https://issues.apache.org/jira/browse/AMBARI-10872
>             Project: Ambari
>          Issue Type: Bug
>          Components: stacks
>            Reporter: Nick Dimiduk
>
> HBase processes run as 'hbase' user, which is effectively a super-user for HBase. Running the PQS as this user is quite a wide exposure, especially on an otherwise secured cluster. PQS does not yet have the ability to act on an authenticated users' behalf. In the mean time, we should allow the PQS to run as a non-root user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)