Reply
Explorer
Posts: 38
Registered: ‎09-29-2015

Not able to delete sentry permission on Hive DB folder/directory

Hi Experts, 

 

I enabled sentry on one of the Hive DB with wrong group name, now I am not able to remove ACL. I tried setfacl with arguments like -b, -k and also tried with -m to rename but I am not able to see any change when I give getfacl on that DB directory under /user/hive/warehouse. 

 

Here is the output 

 

[user@hostname ~]$ hadoop fs -getfacl /user/hive/warehouse/test.db
# file: /user/hive/warehouse/test.db
# owner: hive
# group: hive
user::rwx
group:group1:rwx
group::---
user:hive:rwx
group:group2:r-x
group:hive:rwx
group:group3:rwx
mask::rwx
other::--x
[user@hostname ~]$ hdfs dfs -setfacl -k /user/hive/warehouse/test.db

[user@hostname ~]$ hdfs dfs -setfacl -b /user/hive/warehouse/test.db 

 

setfacl: Invalid group entry index after binary-searching inode: /user/hive/warehouse/test.db(3979083) with featureEntries:[group:group1:rwx, group::---, user:hive:rwx, group:group2:r-x, group:hive:rwx, group:group3:rwx] (-4) must not be negative


[user@hostname ~]$ hadoop fs -getfacl /user/hive/warehouse/test.db
# file: /user/hive/warehouse/test.db
# owner: hive
# group: hive
user::rwx
group:group1:rwx
group::---
user:hive:rwx
group:group2:r-x
group:hive:rwx
group:group3:rwx
mask::rwx
other::--x

 

Can someone help on this,

 

Thanks
Kishore

Posts: 473
Topics: 14
Kudos: 77
Solutions: 41
Registered: ‎09-02-2016

Re: Not able to delete sentry permission on Hive DB folder/directory

@TheKishore432

 

Pls try -x option as follows to remove the specific entry. 

 

Ex: hdfs dfs -setfacl -x user:hadoop /file

 

Highlighted
Expert Contributor
Posts: 116
Registered: ‎01-08-2018

Re: Not able to delete sentry permission on Hive DB folder/directory

If you have enabled "HDFS-Sentry synchronization"  then your setfacl actions will have no impact.

Sentry rules are translated to ACL. You should use either HUE (Security/Sentry Roles) to fix the group or connect to beeline and use the grant/revoke commands.

Announcements