Disabling Superuser Access for the Root User from the Command-Line
Describes how to disable superuser access for the root
user.
About this task
NOTE
Enabling the cldb.squash.root
OR
cldb.reject.root
configuration values can cause instability with
ecosystem open source components if they are running as root
. [On data-fabric clusters, services
are running as the admin cluster user, which is mapr
(by
default).] Root squash applies only to files, not tables or
streams. Ensure that root
is not running any services before performing
this procedure. IMPORTANT
You can enable either of the following parameters, but NOT
both.Procedure
-
To disable root user (UID 0) access to the data-fabric filesystem on a cluster that is running as a
non-root user, use either of the following commands:
-
The squash root configuration value treats all requests from UID 0 as coming from UID -2 (nobody):
/opt/mapr/bin/maprcli config save -values {"cldb.squash.root":"1"}
-
The reject root configuration value automatically fails all filesystem requests from UID 0.
/opt/mapr/bin/maprcli config save -values {"cldb.reject.root":"1"}
-
-
You can verify that these commands worked, as shown in the following example.
/opt/mapr/bin/maprcli config load -keys cldb.squash.root,cldb.reject.root cldb.reject.root cldb.squash.root 0 1