zoukankan      html  css  js  c++  java
  • FuisonInsight Hadoop中新增用户和Hbase授权

    一hbse01添加kerberos用户
    1.hbse01下登录kadmin控制台
    /home/omm/kerberos/bin/kadmin -p kadmin/admin --密码1qaz@WSX
    2.hbse01下执行添加人机帐号的命令,密码超时时间为0秒
    addprinc -pwexpire 0sec xiaopeng
    addprinc -pwexpire 0sec loull
    addprinc -pwexpire 0sec zhoufeng
    addprinc -pwexpire 0sec chengxi

    二hbse01添加ldap用户
    1.获取ldap server的地址
    cat /etc/openldap/ldap.conf
    2.查看该用户要加入的组的ID(假设步骤1查询到的ldap server地址为ldaps://*.*.237.221:1389
    ldapsearch -H ldaps://*.*.237.221:1389 -LLL -x -D cn=root,dc=hadoop,dc=com -W -b ou=Groups,dc=hadoop,dc=com--列出所有组
    3.编写用户信息文件user.ldif(假设要加入的hive组的ID为10002)
    vi adduser.ldif
    输入如下内容
    dn: uid=xiaopeng,ou=Peoples,dc=hadoop,dc=com
    objectClass:account
    objectClass:posixAccount
    objectClass:shadowAccount
    uid:xiaopeng
    cn:xiaopeng
    gidNumber:10002
    homeDirectory:/home/xiaopeng
    loginShell:/bin/false
    shadowMin:0
    shadowMax:99999
    shadowLastChange:15762
    uidNumber:20003

    dn: uid=loull,ou=Peoples,dc=hadoop,dc=com
    objectClass:account
    objectClass:posixAccount
    objectClass:shadowAccount
    uid:loull
    cn:loull
    gidNumber:10002
    homeDirectory:/home/loull
    loginShell:/bin/false
    shadowMin:0
    shadowMax:99999
    shadowLastChange:15762
    uidNumber:20004

    dn: uid=zhoufeng,ou=Peoples,dc=hadoop,dc=com
    objectClass:account
    objectClass:posixAccount
    objectClass:shadowAccount
    uid:zhoufeng
    cn:zhoufeng
    gidNumber:10002
    homeDirectory:/home/zhoufeng
    loginShell:/bin/false
    shadowMin:0
    shadowMax:99999
    shadowLastChange:15762
    uidNumber:20005

    dn: uid=chengxi,ou=Peoples,dc=hadoop,dc=com
    objectClass:account
    objectClass:posixAccount
    objectClass:shadowAccount
    uid:chengxi
    cn:chengxi
    gidNumber:10002
    homeDirectory:/home/chengxi
    loginShell:/bin/false
    shadowMin:0
    shadowMax:99999
    shadowLastChange:15762
    uidNumber:20006


    4.执行如下命令,添加用户
    ldapadd -H ldaps://*.*.237.221:1389 -x -D cn=root,dc=hadoop,dc=com -W -f ./adduser.ldif
    5.执行如下命令,可以查看已有的用户
    ldapsearch -H ldaps://*.*.237.221:1389 -x -LLL -b dc=hadoop,dc=com

    三.hbase客户端授权
    登陆进入HBASE
    hbase(main):008:0> grant 'zhoufeng','RWC'
    0 row(s) in 0.1420 seconds

    四.hbase权限相关操作

    hbase(main):004:0> scan 'hbase:acl'
    ROW                                COLUMN+CELL                                                                                     
    0 row(s) in 0.0650 seconds

    hbase(main):007:0> grant 'loader','RWXCA'
    0 row(s) in 1.5820 seconds

    hbase(main):008:0> scan 'hbase:acl'
    ROW                                COLUMN+CELL                                                                                     
     hbase:acl                         column=l:loader, timestamp=1437363954892, value=RWXCA                                           
    1 row(s) in 0.1490 seconds

    hbase(main):009:0> grant 'loader','RWXC'
    0 row(s) in 0.2510 seconds

    hbase(main):011:0> scan 'hbase:acl'
    ROW                                COLUMN+CELL                                                                                     
     hbase:acl                         column=l:loader, timestamp=1437364006945, value=RWXC                                            
    1 row(s) in 0.0720 seconds

    --也可以对不存在的用户授权
    hbase(main):002:0> grant 'unko','R'
    hbase(main):003:0> scan 'hbase:acl'
    ROW                                COLUMN+CELL                                                                                     
     hbase:acl                         column=l:loader, timestamp=1437364006945, value=RWXC                                            
     hbase:acl                         column=l:unko, timestamp=1437364763262, value=R                                                 
    1 row(s) in 0.1540 seconds

    回收权限
    hbase(main):012:0> revoke 'unko'
    0 row(s) in 0.3670 seconds

    hbase(main):013:0> scan 'hbase:acl'
    ROW                                COLUMN+CELL                                                                                     
     hbase:acl                         column=l:loader, timestamp=1437364006945, value=RWXC                                            
    1 row(s) in 0.0800 seconds


     

  • 相关阅读:
    常见Oracle HINT的用法
    2011年的每一天是周几?
    TOM上关于JOIN跟+号的讨论
    关于index_ffs使用索引的一点问题.
    数据库中分组字符串相加
    国服3.3.5:死亡骑士全系DPS饰品收益评分
    WLK狂暴战怎么玩
    3.3萨满手册
    关于clob类型在函数中的处理。
    pivot_clause [Oracle SQL]
  • 原文地址:https://www.cnblogs.com/dotagg/p/6404505.html
Copyright © 2011-2022 走看看