Creating a Run User
Create a run user and set the user password.
- For security purposes, do not run OmniShuffle as the root user.
- The user model in the following sections is for reference only. Modify the user model based on the actual service environment.
Create an ockadmin user for all nodes in the cluster. The O&M user has operation permissions on run users. As an example, the following procedure describes how to create the ockadmin user. You are advised to add the environment variable export HISTSIZE=0 to ockadmin so that ockadmin cannot query the operation history.
- Create an ockadmin user.
1useradd ockadmin - Add the ockadmin user to the ockadmin group and set the password.
usermod -a -G ockadmin ockadmin passwd ockadmin
To ensure your account security, you are advised to change your password every 90 days.
- Add the ZooKeeper, Spark, and Hadoop users (for example Zookeeperadmin and sparkadmin) to the owning group of the ockadmin user. Set the permission on the Zookeeperadmin, ockadmin, and sparkadmin directories to 751 and change the owner group to ockadmin.
usermod -a -G ockadmin zookeeperadmin usermod -a -G ockadmin sparkadmin
- In the /etc/security/limits.conf file, add the following content to limit the maximum number of files that can be opened by the ockadmin user, so as to prevent resource exhaustion:
1echo "ockadmin hard nofile 102400" >> /etc/security/limits.conf
Parent topic: Installing the Feature