Reply
Explorer
Posts: 18
Registered: ‎10-25-2016
Accepted Solution

HDFS ACL Inheritance doesn't work

Hi All
How do i ensure that the child dir and files created by a member of a group having rwx permissions on hdfs have the same rwx permission as parent?
I tried chmod and acls both as suggested by apache and cloudera. All the new dirs created by a user in a group having permission to write are still having the r-x permissions instead of rwx which i want.
I have also enabled dfs.namenode.posix.acl.inheritance.enabled to true and dfs.permissions also to true as mentioned in https://issues.apache.org/jira/browse/HDFS-6962.
fs.permissions.umask-mode=000
dfs.umaskmode, fs.permissions.umask-mode=022

[root@dev ~]# id abhig
uid=515(abhig) gid=519(abhig) groups=519(abhig),525(low_priority),528(devgrp)
********************************************
[abhig@dev ~]$ hdfs dfs -setfacl -m default:group:devgrp:rwx /test
[abhig@dev ~]$ hdfs dfs -getfacl /test
# file: /test
# owner: abhig
# group: devgrp
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:devgrp:rwx
default:mask::rwx
default:other::r-x
********************************************
[abhig@dev ~]$ hdfs dfs -mkdir /test/tst1
[abhig@dev ~]$ hdfs dfs -getfacl /test/tst1
# file: /test/tst1
# owner: abhig
# group: devgrp
user::rwx
group::r-x
group:devgrp:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:devgrp:rwx
default:mask::rwx
default:other::r-x
*********************************************

This doesn't help much

https://community.cloudera.com/t5/Storage-Random-Access-HDFS/HDFS-ACL-Inheritance/m-p/25494#M1092 

 

Please give a workaround if any.

Abhishek
Explorer
Posts: 18
Registered: ‎10-25-2016

Re: HDFS ACL Inheritance doesn't work

Changing default umask through cloudera manager properties of HDFS from 022 to 002 helped out to get child dir inherit the permissions from parent dir.

Abhishek
Explorer
Posts: 8
Registered: ‎10-04-2017

Re: HDFS ACL Inheritance doesn't work

[ Edited ]

Hi Folks,

if we change umask mode to 002 from 022 will fix this?

is there any version dependency? currently, we are in 5.9.0.

 

My question is for the directory, seems we are forcing to give write permissions to group by changing to 002? 

 

directory:

022 - rwxr-xr-x 

002 - rwxrwxr-w

 

File:

022- rw-r--r--

002 - rw-rw-r--

 

 

This is how much ACL on directory looks like, i have few groups that need only r-x, if we keep 002 will it get changed to rwx for group? 

 

hdfs dfs -getfacl /test/ky/val/claim/version=xx/
# file: /test/ky/val/claim/version=xx
# owner: svc_ingest_t
# group: supergroup
user::rwx
user:hive:rwx
group::rwx
group:g_ingt_ba:r-x
group:g_ingt_bu:rwx
group:g_ingt_du:r-x
group:hive:rwx
mask::rwx
other::---
default:user::rwx
default:user:hive:rwx
default:group::rwx
default:group:g_ingt_ba:r-x
default:group:g_ingt_bu:rwx
default:group:g_du:r-x
default:group:hive:rwx
default:mask::rwx
default:other::---

Announcements