Disabling Superuser Access for the Root User from the Command-Line

Describes how to disable superuser access for the root user.

Note: Enabling the cldb.squash.root OR cldb.reject.root configuration values can cause instability with ecosystem open source components if they are running as root. [On MapR clusters, services are running as the admin cluster user, which is mapr (by default).] Root squash applies only to files, not tables or streams. Ensure that root is not running any services before performing this procedure.
Important: You can enable either of the following parameters, but NOT both.
  1. To disable root user (UID 0) access to the MapR file system on a cluster that is running as a non-root user, use either of the following commands:
    • The squash root configuration value treats all requests from UID 0 as coming from UID -2 (nobody):

      /opt/mapr/bin/maprcli config save -values {"cldb.squash.root":"1"}
    • The reject root configuration value automatically fails all file system requests from UID 0.
      /opt/mapr/bin/maprcli config save -values {"cldb.reject.root":"1"}
  2. You can verify that these commands worked, as shown in the following example.
    /opt/mapr/bin/maprcli config load -keys cldb.squash.root,cldb.reject.root
    cldb.reject.root cldb.squash.root
    0 1