FuisonInsight Hadoop中新增用户和Hbase授权
一hbse01添加kerberos用户1.hbse01下登录kadmin控制台
/home/omm/kerberos/bin/kadmin -p kadmin/admin --密码1qaz@WSX
2.hbse01下执行添加人机帐号的命令,密码超时时间为0秒
addprinc -pwexpire 0sec xiaopeng
addprinc -pwexpire 0sec loull
addprinc -pwexpire 0sec zhoufeng
addprinc -pwexpire 0sec chengxi
二hbse01添加ldap用户
1.获取ldap server的地址
cat /etc/openldap/ldap.conf
2.查看该用户要加入的组的ID(假设步骤1查询到的ldap server地址为ldaps://*.*.237.221:1389)
ldapsearch -H ldaps://*.*.237.221:1389 -LLL -x -D cn=root,dc=hadoop,dc=com -W -b ou=Groups,dc=hadoop,dc=com--列出所有组
3.编写用户信息文件user.ldif(假设要加入的hive组的ID为10002)
vi adduser.ldif
输入如下内容
dn: uid=xiaopeng,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:xiaopeng
cn:xiaopeng
gidNumber:10002
homeDirectory:/home/xiaopeng
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20003
dn: uid=loull,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:loull
cn:loull
gidNumber:10002
homeDirectory:/home/loull
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20004
dn: uid=zhoufeng,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:zhoufeng
cn:zhoufeng
gidNumber:10002
homeDirectory:/home/zhoufeng
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20005
dn: uid=chengxi,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:chengxi
cn:chengxi
gidNumber:10002
homeDirectory:/home/chengxi
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20006
4.执行如下命令,添加用户
ldapadd -H ldaps://*.*.237.221:1389 -x -D cn=root,dc=hadoop,dc=com -W -f ./adduser.ldif
5.执行如下命令,可以查看已有的用户
ldapsearch -H ldaps://*.*.237.221:1389 -x -LLL -b dc=hadoop,dc=com
三.hbase客户端授权
登陆进入HBASE
hbase(main):008:0> grant 'zhoufeng','RWC'
0 row(s) in 0.1420 seconds
四.hbase权限相关操作
hbase(main):004:0> scan 'hbase:acl'
ROW COLUMN+CELL
0 row(s) in 0.0650 seconds
hbase(main):007:0> grant 'loader','RWXCA'
0 row(s) in 1.5820 seconds
hbase(main):008:0> scan 'hbase:acl'
ROW COLUMN+CELL
hbase:acl column=l:loader, timestamp=1437363954892, value=RWXCA
1 row(s) in 0.1490 seconds
hbase(main):009:0> grant 'loader','RWXC'
0 row(s) in 0.2510 seconds
hbase(main):011:0> scan 'hbase:acl'
ROW COLUMN+CELL
hbase:acl column=l:loader, timestamp=1437364006945, value=RWXC
1 row(s) in 0.0720 seconds
--也可以对不存在的用户授权
hbase(main):002:0> grant 'unko','R'
hbase(main):003:0> scan 'hbase:acl'
ROW COLUMN+CELL
hbase:acl column=l:loader, timestamp=1437364006945, value=RWXC
hbase:acl column=l:unko, timestamp=1437364763262, value=R
1 row(s) in 0.1540 seconds
回收权限
hbase(main):012:0> revoke 'unko'
0 row(s) in 0.3670 seconds
hbase(main):013:0> scan 'hbase:acl'
ROW COLUMN+CELL
hbase:acl column=l:loader, timestamp=1437364006945, value=RWXC
1 row(s) in 0.0800 seconds
页:
[1]