How to Integrate Unix users and groups

Published on 30 May 2014 in - 2 minutes read - Last modified on 06 March 2021

Hue allows you to authenticate with several services like your company LDAP, OAuth, OpenId, SAML etc. This blog post covers how to integrate with linux account names in Hue by synchronizing with the underlying system.

Tutorial

The following will guide you in importing Linux accounts and groups into Hue:

  1. Ensure the ‘hadoop’ group is on the system. See the ‘Hadoop group’ section below to learn to how to verify this in different environments.
  2. From the command line, execute the command build/env/bin/hue useradmin_sync_with_unix. This will import users and groups from the machine Hue is on.
  3. Important: as a Hue administrator, give a password to each imported member. Users will not be able to login until a password has been provided to them. If you want to re-use Linux user password, you should look at the PAM backend instead (caveat: it can only authenticate the user who is running the Hue server (this being normal PAM behaviour in Linux) unless we run Hue server as root, which is not recommended. LDAP is the alternative recommended solution).

Here is a quick video demonstrating the above:

 

From the Hue root (/use/lib/hue by default or /opt/cloudera/parcels/CDH/lib/hue/ with CM):

build/env/bin/hue useradmin_sync_with_unix

 

If using CM, export this variable in order to point to the correct database:

Where is the most recent ID in that process directory for hue-HUE_SERVER.

A quick way to get the correct directory is to use this script:

export HUE_CONF_DIR="/var/run/cloudera-scm-agent/process/\`ls -alrt /var/run/cloudera-scm-agent/process | grep HUE | tail -1 | awk '{print $9}'\`"

 

Command line interface

useradmin_sync_with_unix comes with a few useful command line arguments:

  • -min-uid - The minimum linux user ID that will be imported (inclusive). The default value is 500.
  • -max-uid - The maximum linux user ID that will be imported (exclusive). The default value is 65334.
  • -min-gid - The minimum linux group ID that will be imported (inclusive). The default value is 500.
  • -max-gid - The maximum linux group ID that will be imported (exclusive). The default value is 65334.
  • -check-shell - A boolean flag  to see if the users shell is set to /bin/false.

Hadoop group

To verify the hadoop group exists, you can use the ‘getent’ command:

getent group | grep hadoop

To add the hadoop group, you can use the ‘groupadd’ command:

groupadd hadoop

Conclusion

We hope this utility opens up your Hadoop cluster to your users and simplifies administration.

Have any suggestions? Feel free to tell us what you think through hue-user or @gethue!


comments powered by Disqus

More recent stories

30 June 2021
Azure Storage sharing by leveraging SAS tokens so that your users don’t need credentials
Read More
10 June 2021
Hue 4.10 and its new SQL Editor component, REST API, small File Importer and Slack App are out!
Read More
29 May 2021
Build your own SQL Editor (BYOE) in 5 minutes via Sql Scratchpad component and public REST API.
Read More