Enabling Impersonation for any User
Provides the procedure necessary to implement impersonation for any data-fabric user.
About this task
To enable impersonation for any data-fabric user:
Procedure
- Log in to the system as root, mapr user, or any user with full control.
- Generate a servicewithimpersonation ticket for the data-fabric user.
For example:
$ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -out /var/tmp/sample_ticket
WARNING The mapr user ticket can be used to impersonate any user, including user root.
You can generate a scoped servicewithimpersonation ticket for the user. Scoped impersonation tickets allow the user using the ticket to impersonate only the UIDs and/or GIDs specified in the ticket. For example:
$ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -impersonateduids 550 -impersonatedgids 500 -out /var/tmp/sample_ticket
NOTE If you generate a scoped impersonation ticket, the impersonated UIDs cannot contain the UID of user root or user mapr, and the impersonated GIDs cannot contain the GID of user root or user mapr.
For more information, see maprlogin.
- Move the ticket to a secure location, and share the ticket with the user (for whom this ticket is generated).
- (Optional) Copy the file to a permanent directory.
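A pre-flight wrapper for the scoped-ticket step, added here as an example and not part of the product or its documentation: it rejects UID/GID lists that include root or mapr before calling maprlogin, and keeps the resulting ticket file owner-only. The function names, the comma-separated list form, and resolving root and mapr with the local `id` command are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.

# Print the numeric IDs of root and mapr as resolved on this host.
# $1 = "u" for UIDs, "g" for primary GIDs. Assumes the cluster accounts
# resolve locally; an account that does not exist is skipped.
reserved_ids() {
    for name in root mapr; do
        id "-$1" "$name" 2>/dev/null || true
    done
}

# Validate a requested scope.
# $1 = comma-separated numeric IDs (list form is an assumption)
# $2 = whitespace-separated reserved IDs
# Returns 0 if acceptable, 1 if malformed, 2 if a reserved ID is requested.
check_scope() {
    case $1 in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    # Safe to split: the value holds only digits and commas at this point.
    for want in $(printf '%s' "$1" | tr ',' ' '); do
        [ "${#want}" -le 10 ] || return 1
        for r in $2; do
            [ "$want" -eq "$r" ] && return 2
        done
    done
    return 0
}

# $1 = data-fabric user, $2 = UIDs, $3 = GIDs, $4 = ticket output path
generate_scoped_ticket() {
    check_scope "$2" "$(reserved_ids u)" || { echo "refusing UID scope: $2" >&2; return 1; }
    check_scope "$3" "$(reserved_ids g)" || { echo "refusing GID scope: $3" >&2; return 1; }
    (
        umask 077   # new files default to no group/world access
        maprlogin generateticket -type servicewithimpersonation -user "$1" \
            -impersonateduids "$2" -impersonatedgids "$3" -out "$4"
    ) && chmod 600 "$4"   # also tighten a file that already existed
}

# Usage (run on a cluster node as a user allowed to generate tickets):
#   generate_scoped_ticket mapruser1 550 500 /var/tmp/sample_ticket
```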