How to Integrate Unix users and groups


Hue allows you to authenticate with several services like your company LDAP, OAuth, OpenID, SAML etc. This blog post covers how to integrate Linux account names into Hue by synchronizing with the underlying system.

Tutorial

The following will guide you in importing Linux accounts and groups into Hue:

  1. Ensure the ‘hadoop’ group is on the system. See the ‘Hadoop group’ section below to learn how to verify this in different environments.
  2. From the command line, execute the command build/env/bin/hue useradmin_sync_with_unix. This will import users and groups from the machine Hue is on.
  3. Important: as a Hue administrator, set a password for each imported member. Users will not be able to log in until they have been given a password. If you want to reuse Linux user passwords, look at the PAM backend instead. Caveat: it can only authenticate the user who is running the Hue server (this is normal PAM behaviour in Linux) unless the Hue server runs as root, which is not recommended. LDAP is the recommended alternative.


From the Hue root (/usr/lib/hue by default or /opt/cloudera/parcels/CDH/lib/hue/ with CM):

build/env/bin/hue useradmin_sync_with_unix

 

If using CM, export the HUE_CONF_DIR variable so that the command points to the correct database. Its value is the hue-HUE_SERVER process directory with the most recent ID under /var/run/cloudera-scm-agent/process.

A quick way to get the correct directory is to use this script:

export HUE_CONF_DIR="/var/run/cloudera-scm-agent/process/$(ls -1rt /var/run/cloudera-scm-agent/process | grep HUE_SERVER | tail -1)"

 

Command line interface

useradmin_sync_with_unix comes with a few useful command line arguments:

  • --min-uid – The minimum Linux user ID that will be imported (inclusive). The default value is 500.
  • --max-uid – The maximum Linux user ID that will be imported (exclusive). The default value is 65334.
  • --min-gid – The minimum Linux group ID that will be imported (inclusive). The default value is 500.
  • --max-gid – The maximum Linux group ID that will be imported (exclusive). The default value is 65334.
  • --check-shell – A boolean flag to check whether the user's shell is set to /bin/false.
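
Before running the sync, it helps to preview which accounts fall inside the UID window so that system and service accounts are not imported into Hue by accident. The following is an added example, not Hue's own code: it applies the inclusive/exclusive bounds listed above to passwd-format text, and it assumes that --check-shell causes accounts whose shell is /bin/false to be skipped. The function names and sample accounts are constructed for illustration.

```python
from typing import NamedTuple

DEFAULT_MIN_UID = 500     # inclusive, per the option list above
DEFAULT_MAX_UID = 65334   # exclusive, per the option list above

# Constructed sample in /etc/passwd format (not taken from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
hdfs:x:498:498:Hadoop HDFS:/var/lib/hadoop-hdfs:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
svc_backup:x:1001:1001:Backup job:/home/svc_backup:/bin/false
bob:x:1002:1002::/home/bob:/bin/zsh
nobody:x:65334:65334:nobody:/:/sbin/nologin
# comment line
broken:line
"""

class Account(NamedTuple):
    name: str
    uid: int
    shell: str

def parse_passwd(text):
    """Yield Account records, skipping blank, comment and malformed lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        yield Account(fields[0], int(fields[2]), fields[6])

def preview_import(text, min_uid=DEFAULT_MIN_UID, max_uid=DEFAULT_MAX_UID,
                   check_shell=False):
    """Return (would_import, skipped); each skipped entry carries a reason."""
    would_import, skipped = [], []
    for acct in parse_passwd(text):
        if not (min_uid <= acct.uid < max_uid):
            skipped.append((acct.name, "uid %d outside [%d, %d)"
                            % (acct.uid, min_uid, max_uid)))
        elif check_shell and acct.shell == "/bin/false":  # assumed behaviour
            skipped.append((acct.name, "shell is /bin/false"))
        else:
            would_import.append(acct.name)
    return would_import, skipped

if __name__ == "__main__":
    imported, skipped = preview_import(SAMPLE_PASSWD, check_shell=True)
    print("would import:", imported)
    for name, reason in skipped:
        print("skipped %s: %s" % (name, reason))
```

To preview a real host, pass the output of getent passwd as the text argument instead of the sample.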

Hadoop group

To verify the hadoop group exists, you can use the ‘getent’ command:

getent group | grep hadoop

To add the hadoop group, you can use the ‘groupadd’ command:

groupadd hadoop

Conclusion

We hope this utility opens up your Hadoop cluster to your users and simplifies administration.

Have any suggestions? Feel free to tell us what you think through hue-user or @gethue!