FuisonInsight Hadoop中新增用户和Hbase授权

一hbse01添加kerberos用户
1.hbse01下登录kadmin控制台
/home/omm/kerberos/bin/kadmin -p kadmin/admin --密码1qaz@WSX
2.hbse01下执行添加人机帐号的命令，密码超时时间为0秒
addprinc -pwexpire 0sec xiaopeng
addprinc -pwexpire 0sec loull
addprinc -pwexpire 0sec zhoufeng
addprinc -pwexpire 0sec chengxi

二hbse01添加ldap用户
1.获取ldap server的地址
cat /etc/openldap/ldap.conf
2.查看该用户要加入的组的ID（假设步骤1查询到的ldap server地址为ldaps://*.*.237.221:1389）
ldapsearch -H ldaps://*.*.237.221:1389 -LLL -x -D cn=root,dc=hadoop,dc=com -W -b ou=Groups,dc=hadoop,dc=com--列出所有组
3.编写用户信息文件user.ldif（假设要加入的hive组的ID为10002）
vi adduser.ldif
输入如下内容
dn: uid=xiaopeng,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:xiaopeng
cn:xiaopeng
gidNumber:10002
homeDirectory:/home/xiaopeng
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20003

dn: uid=loull,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:loull
cn:loull
gidNumber:10002
homeDirectory:/home/loull
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20004

dn: uid=zhoufeng,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:zhoufeng
cn:zhoufeng
gidNumber:10002
homeDirectory:/home/zhoufeng
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20005

dn: uid=chengxi,ou=Peoples,dc=hadoop,dc=com
objectClass:account
objectClass:posixAccount
objectClass:shadowAccount
uid:chengxi
cn:chengxi
gidNumber:10002
homeDirectory:/home/chengxi
loginShell:/bin/false
shadowMin:0
shadowMax:99999
shadowLastChange:15762
uidNumber:20006

 

4.执行如下命令，添加用户
ldapadd -H ldaps://*.*.237.221:1389 -x -D cn=root,dc=hadoop,dc=com -W -f ./adduser.ldif
5.执行如下命令，可以查看已有的用户
ldapsearch -H ldaps://*.*.237.221:1389 -x -LLL -b dc=hadoop,dc=com

三.hbase客户端授权
登陆进入HBASE
hbase(main):008:0> grant 'zhoufeng','RWC'
0 row(s) in 0.1420 seconds

四.hbase权限相关操作

hbase(main):004:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
0 row(s) in 0.0650 seconds

hbase(main):007:0> grant 'loader','RWXCA'
0 row(s) in 1.5820 seconds

hbase(main):008:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
 hbase:acl                         column=l:loader, timestamp=1437363954892, value=RWXCA                                           
1 row(s) in 0.1490 seconds

hbase(main):009:0> grant 'loader','RWXC'
0 row(s) in 0.2510 seconds

hbase(main):011:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
 hbase:acl                         column=l:loader, timestamp=1437364006945, value=RWXC                                            
1 row(s) in 0.0720 seconds

 

--也可以对不存在的用户授权
hbase(main):002:0> grant 'unko','R'
hbase(main):003:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
 hbase:acl                         column=l:loader, timestamp=1437364006945, value=RWXC                                            
 hbase:acl                         column=l:unko, timestamp=1437364763262, value=R                                                 
1 row(s) in 0.1540 seconds

回收权限
hbase(main):012:0> revoke 'unko'
0 row(s) in 0.3670 seconds

hbase(main):013:0> scan 'hbase:acl'
ROW                                COLUMN+CELL                                                                                     
 hbase:acl                         column=l:loader, timestamp=1437364006945, value=RWXC                                            
1 row(s) in 0.0800 seconds