Disabling Superuser Access for the Root User from the Command-Line

Describes how to disable superuser access for the root user.

About this task

NOTE
Enabling the cldb.squash.root OR cldb.reject.root configuration values can cause instability with ecosystem open source components if they are running as root. [On data-fabric clusters, services are running as the admin cluster user, which is mapr (by default).] Root squash applies only to files, not tables or streams. Ensure that root is not running any services before performing this procedure.
IMPORTANT
You can enable either of the following parameters, but NOT both.

Procedure

  1. To disable root user (UID 0) access to the data-fabric filesystem on a cluster that is running as a non-root user, use either of the following commands:
    • The squash root configuration value treats all requests from UID 0 as coming from UID -2 (nobody):

      /opt/mapr/bin/maprcli config save -values {"cldb.squash.root":"1"}
    • The reject root configuration value automatically fails all filesystem requests from UID 0.
      /opt/mapr/bin/maprcli config save -values {"cldb.reject.root":"1"}
  2. You can verify that these commands worked, as shown in the following example.
    /opt/mapr/bin/maprcli config load -keys cldb.squash.root,cldb.reject.root
    cldb.reject.root cldb.squash.root
    0 1