In Storm secure mode, workers can run as the user (owner of the topology) who deployed the topology. To enable, complete the following steps:
(HDP 2.2 only) On all Storm nodes, change ownership of the
confdirectory fromstormtoroot:sudo chown -R root:hadoop /etc/storm/confThis restricts access to the
worker-launcher.cfgfile in theconfdirectory. Users can still modify and update Storm configuration properties, because Ambari runs asroot.Make sure all users who are going to deploy topologies have a UNIX account on all of the Storm nodes. Workers will run under the UNIX account for topologies deployed by the user.
Example: For user
testuser1and principaltestuser1/c6401.ambari.apache.org, make sure there is a correspondingtestuser1UNIX account.Add the following configuration under "Custom storm-site" in the Ambari Storm configuration screen:
supervisor.run.worker.as.user : trueRestart Storm components.
