Creating a Run User

Create a run user and set the user password.

  • For security purposes, do not run OmniShuffle as the root user.
  • You are advised to use the created ockadmin user for installation operations. The root user may cause security risks.
  • If you want to use the ockadmin user for installation operations, switch to the ockadmin user and then perform the subsequent installation steps. Do not use the root and ockadmin users alternately during the installation process.
  • The user model in the following sections is for reference only. Modify the user model based on the actual service environment.
  • To ensure account security, you are advised to change the password every 90 days. The password must meet the following complexity requirements:
    • Contain 8 to 32 characters.
    • Contain at least two of the following character types: uppercase letters, lowercase letters, digits, and special characters (`~!@#$%^&*()-_=+\|[{}];:'",<.>/?).
    • Cannot contain spaces.
    • Cannot be the same as the user name or the user name spelled in reverse order.

Create an ockadmin user on all nodes in the cluster. The O&M user has operation permissions on run users. As an example, the following procedure describes how to create the ockadmin user. You are advised to set the environment variable export HISTSIZE=0 for the ockadmin user so that ockadmin cannot query the operation history.

  1. Create an ockadmin user.
    useradd ockadmin
    
  2. Add the ockadmin user to the ockadmin group and set the password.
    usermod -a -G ockadmin ockadmin
    passwd ockadmin
  3. Add the ZooKeeper, Spark, and Hadoop users (for example, zookeeperadmin and sparkadmin) to the owning group of the ockadmin user. Set the permission on the zookeeperadmin, ockadmin, and sparkadmin directories to 751 and change the owning group to ockadmin.
    usermod -a -G ockadmin zookeeperadmin
    usermod -a -G ockadmin sparkadmin
  4. In the /etc/security/limits.conf file, add the following content to limit the maximum number of files that can be opened by the ockadmin user, so as to prevent resource exhaustion:
    echo "ockadmin  hard    nofile  102400" >> /etc/security/limits.conf
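
The following checks are an added example, not part of the original procedure or of the product's tooling: they verify the group membership and directory mode from step 3 and add the step 4 limit without duplicating it when the procedure is rerun. The function names are hypothetical, and the file paths are parameters so that the checks can be tried on copies of /etc/group and /etc/security/limits.conf.

```shell
#!/bin/sh
# Added example: audit helpers for the run-user procedure above.
# Function names are hypothetical; file arguments default to the system files.

# in_group USER GROUP [GROUP_FILE]
# Succeeds if USER is listed as a member of GROUP (field 4 of the group file).
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "${3:-/etc/group}"
}

# dir_mode_is DIR MODE
# Succeeds if DIR is a directory whose permission bits equal MODE (for example 751).
dir_mode_is() {
    [ -d "$1" ] && [ "$(stat -c '%a' "$1")" = "$2" ]
}

# nofile_limits USER [LIMITS_FILE]
# Prints the value of every active "USER hard nofile N" entry, one per line.
# Commented-out entries never match because their first field starts with "#".
nofile_limits() {
    awk -v u="$1" '$1 == u && $2 == "hard" && $3 == "nofile" { print $4 }' \
        "${2:-/etc/security/limits.conf}"
}

# ensure_nofile USER VALUE [LIMITS_FILE]
# Appends the entry only if USER has no hard nofile entry yet, so a rerun does
# not add a second line. Returns 2 if the existing entries are duplicated or
# carry a different value, leaving the file unchanged for manual review.
ensure_nofile() {
    file="${3:-/etc/security/limits.conf}"
    current="$(nofile_limits "$1" "$file")"
    if [ -z "$current" ]; then
        printf '%s  hard    nofile  %s\n' "$1" "$2" >> "$file"
    elif [ "$current" != "$2" ]; then
        echo "hard nofile entries for $1 are duplicated or differ from $2" >&2
        return 2
    fi
}
```

For example, `ensure_nofile ockadmin 102400` replaces the plain append in step 4, and `in_group sparkadmin ockadmin && dir_mode_is /home/sparkadmin 751` checks step 3, where /home/sparkadmin is an assumed directory location.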