This procedure converts a MapR cluster running as
root to run as a non-root user. Non-root operation is available from MapR version 2.0 and later. In addition to converting the MapR user to a non-root user, you can also disable superuser privileges to the cluster for the root user for additional security.
To convert a MapR cluster from running as root to running as a non-root user:
- Create a user with the same UID/GID across the cluster. Assign that user to the
- On each node:
Stop the warden and the ZooKeeper (if present).
Run the config-mapr-user.sh script to configure the cluster to start as the non-root user.
Start the ZooKeeper (if present) and the warden.
After the previous step is complete on all nodes in the cluster, run the
upgrade2mapruser.shscript on all nodes.
This command may take several minutes to return. The script waits ten minutes for the process to complete across the entire cluster. If the cluster-wide operation takes longer than ten minutes, the script fails. Re-run the script on all nodes where the script failed.
To disable superuser access for the root user
To disable root user (UID 0) access to the MapR filesystem on a cluster that is running as a non-root user, use either of the following commands:
The squash root configuration value treats all requests from UID 0 as coming from UID -2 (nobody):
The reject root configuration value automatically fails all filesystem requests from UID 0:
You can verify that these commands worked, as shown in the example below.