FuisonInsight Hadoop中新增用户和Hbase授权

本文介绍如何在HBase中通过Kerberos和LDAP添加用户,并进行权限管理。包括设置用户密码过期时间、使用LDAP配置用户信息及组ID,以及在HBase客户端进行授权与权限回收操作。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

一hbse01添加kerberos用户
1.hbse01下登录kadmin控制台
/home/omm/kerberos/bin/kadmin -p kadmin/admin --密码1qaz@WSX
2.hbse01下执行添加人机帐号的命令,密码超时时间为0秒
addprinc -pwexpire 0sec xiaopeng
addprinc -pwexpire 0sec loull
addprinc -pwexpire 0sec zhoufeng
addprinc -pwexpire 0sec chengxi

二hbse01添加ldap用户
1.获取ldap server的地址
cat /etc/openldap/ldap.conf
2.查看该用户要加入的组的ID(假设步骤1查询到的ldap server地址为ldaps://*.*.237.221:1389)
ldapsearch -H ldaps://*.*.237.221:1389 -LLL -x -D cn=root,dc=hadoop,dc=com -W -b ou=Groups,dc=hadoop,dc=com--列出所有组
3.编写用户信息文件user.ldif(假设要加入的hive组的ID为10002)
vi adduser.ldif
输入如下内容
dn: uid=xiaopeng,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:xiaopeng
cn:xiaopeng
gidNumber:10002
homeDirectory:/home/xiaopeng
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20003

dn: uid=loull,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:loull
cn:loull
gidNumber:10002
homeDirectory:/home/loull
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20004

dn: uid=zhoufeng,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:zhoufeng
cn:zhoufeng
gidNumber:10002
homeDirectory:/home/zhoufeng
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20005

dn: uid=chengxi,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:chengxi
cn:chengxi
gidNumber:10002
homeDirectory:/home/chengxi
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20006

 


4.执行如下命令,添加用户
ldapadd -H ldaps://*.*.237.221:1389 -x -D cn=root,dc=hadoop,dc=com -W -f ./adduser.ldif
5.执行如下命令,可以查看已有的用户
ldapsearch -H ldaps://*.*.237.221:1389 -x -LLL -b dc=hadoop,dc=com

三.hbase客户端授权
登陆进入HBASE
hbase(main):008:0> grant 'zhoufeng','RWC'
0 row(s) in 0.1420 seconds

四.hbase权限相关操作

hbase(main):004:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
0 row(s) in 0.0650 seconds

hbase(main):007:0> grant 'loader','RWXCA'
0 row(s) in 1.5820 seconds

hbase(main):008:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
 hbase:acl                         column=l:loader, timestamp=1437363954892, value=RWXCA                                           
1 row(s) in 0.1490 seconds

hbase(main):009:0> grant 'loader','RWXC'
0 row(s) in 0.2510 seconds

hbase(main):011:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
 hbase:acl                         column=l:loader, timestamp=1437364006945, value=RWXC                                            
1 row(s) in 0.0720 seconds

 

--也可以对不存在的用户授权
hbase(main):002:0> grant 'unko','R'
hbase(main):003:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
 hbase:acl                         column=l:loader, timestamp=1437364006945, value=RWXC                                            
 hbase:acl                         column=l:unko, timestamp=1437364763262, value=R                                                 
1 row(s) in 0.1540 seconds

回收权限
hbase(main):012:0> revoke 'unko'
0 row(s) in 0.3670 seconds

hbase(main):013:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
 hbase:acl                         column=l:loader, timestamp=1437364006945, value=RWXC                                            
1 row(s) in 0.0800 seconds

 


 

转载于:https://www.cnblogs.com/dotagg/p/6404505.html

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值